Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-0027: Clock synchronization

Authentication Service ,  

12 April,16 at 11:44 AM

Question:

Do the clocks have to be in sync and how does this affect logins.

Answer:

The only time users will have problems authenticating is if the time on the client machine drifts more than 5 minutes from the time on the server machine.

Users who are currently logged in will remain logged in, but will no longer be able to authenticate to new services using their kerberos credentials. New users will not be able to log in until the clocks are synchronized between the client and the server. This is used to prevent replay attacks.

The adjoin command will perform this syncing and keeping both clocks in sync. However if you do not want our program to do that you can use the -t option for adjoin and for our adclient daemon will disable this by editing the /etc/init.d/centrifydc startup script and adding the option -t -1 to the adclient line. The " -t or --notime " is used to indicate that you do not want to update the local computer time. Under normal circumstances, the local computer time should be updated to be synchronized with the Kerberos Key Distribution Center (KDC) in Active Directory. If you use this option, some ticket authentications may fail.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-1745: How to configure time synchronization when using Solaris Zones. articleKB-8942: What are the steps to migrate a RHEL Brightstore cluster to Centrify articleKB-2879: Which Windows GPs will also apply to Centrify-installed systems? articleKB-2429: Unable to analyze AIX 7.x Server using Deployment Manager. articleKB-2808: How to configure Mobility Home Sync to only sync selected folders and skip everything else. articleKB-0604: ypmatch returns "!" in the password field for user accounts instead of password hash articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6153: The access token is no longer valid