[Bug 985727] Re: krb5-admin-server falsely claiming clock skew errors

Robie Basak 985727 at bugs.launchpad.net
Fri Apr 20 09:19:44 UTC 2012 

Thank you for taking the time to report this bug and helping to make
Ubuntu better.

I have failed to reproduce this on Precise.

krb5-admin-server	1.10+dfsg~beta1-2
krb5-kdc	1.10+dfsg~beta1-2

I made sure that DNS worked correctly (by putting the server FQDN in
/etc/hosts), symlinked /dev/urandom to /dev/random (as I am running on a
VM, it's short of entropy) and ran krb5_newrealm. I added an admin
credential using kadmin.local, and then kadmin works without any delay.

Can you check that you don't have a DNS issue resolving your admin
server slowly, thus causing a clock skew issue?

I'm not sure what else to suggest. If you can provide step-by-step
instructions to reproduce this on a single fresh VM, this would help.

** Changed in: krb5 (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/985727

Title:
  krb5-admin-server falsely claiming clock skew errors

Status in “krb5” package in Ubuntu:
  Incomplete

Bug description:
  I installed a Kerberos KDC and Admin Server onto an Ubuntu 12.04
  64-bit VM.  I created a test realm, and added principals.

  When I kinit, it works, and I get a ticket back.  However, when I try
  to use kadmin, kadmin is extremely slow to respond, then eventually
  gives an "unspecified GSS failure: clock skew too great" error.  This
  occurs even when I am simply using kadmin to connect to the same
  machine I am on.  In other words, I can use it to connect to
  localhost, meaning the clocks would be identical, yet I still get this
  error.

  This does not happen when the guest VM onto which I install the KDC is
  an Ubuntu 10.04 VM.  However, installing onto 12.04 causes this
  failure.

  The clock is synchronized since it is a VM, so that is not the
  problem.  However, as I said, this occurs even if I connect from the
  KDC to the KDC using kadmin.  Of course, kadmin.local works just fine,
  but I would rather not have to rely on that for management of my
  Kerberos realms, especially since it worked in 10.04.

  Thanks,
  Brian

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: krb5-admin-server 1.10+dfsg~beta1-2
  ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
  Uname: Linux 3.2.0-23-generic x86_64
  ApportVersion: 2.0.1-0ubuntu5
  Architecture: amd64
  Date: Thu Apr 19 12:02:53 2012
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120327.1)
  ProcEnviron:
   TERM=xterm
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: krb5
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/985727/+subscriptions

More information about the foundations-bugs mailing list