Path: utzoo!utgpu!watserv1!watmath!att!pacbell.com!ames!rex!samsung!uunet!shelby!ulysses.att.com!smb
From: smb@ulysses.att.com
Newsgroups: comp.protocols.kerberos
Subject: Re: Time Synchronization for IBM VM and MVS System
Message-ID: <9102081934.AA14871@ATHENA.MIT.EDU>
Date: 8 Feb 91 19:33:37 GMT
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 24


	 On Thu, 7 Feb 91 14:54:31 EST you said:
	 >***** Reply to your note of: Thu, 7 Feb 91 12:12:04 EST *************
	*****
	 >We at IBM recognize the necessity of time synchronization.
	 >We looking into possibility of implementing ntp or dtp.

	 I guess I understand from this reply is that it is technically
	 not possible to use VM as a Kerberos authentication server for
	 application clients and servers not residing on the same
	 machine.

I fear I'm sadly misunderstanding the problem.  Kerberos does not require
closely-synchronized clocks.  As I recall the README files and installation
manuals, the default clock skew is 5 minutes.  Unless the drift is very
bad -- not my (comparatively ancient) experience with IBM mainframes --
this shouldn't be a problem.  (Assuming, of course, that whoever set the
time didn't get the year wrong or some such...)

Granted, NTP can't be used unless someone implements a robotic arm to flip the
clock enable switch.  But surely someone can set the time to within a
few seconds of UTC without particular trauma.  And, while that's not
nearly good enough for distributed file systems, it's more than ample
for current Kerberos implementations.