Archive for March, 2010

Adventures in Windows Time

“The only reason for time is so that everything doesn’t happen at once.”

At work, I have an integrated authentication system based on Windows Active Directory.  All clients, Linux, Unix, and Windows, use Active Directory for user names and passwords.  Active Directory is actually a good implementation of Kerberos.  It does pretty good LDAP as well.  I used some of Scott Lowe’s interoperability blog recipes to get this to work, namely this post for Linux, and this one for Solaris.

One requirement for a reliable Kerberos service is that every clock on every participating machine has to be synchronized.  By default Windows domain controllers act as Network Time Protocol (NTP) servers, and Windows clients know to sync with them.  We configure our Linux and Unix machines to use them as well.
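The synchronization requirement above can be checked per host by computing the clock offset from an NTP server reply and comparing it with the Kerberos skew tolerance. This is an added example, not code from the original post: the 300-second tolerance is the usual Kerberos default and is an assumption about this domain, the function names are hypothetical, and the reply bytes are constructed rather than captured from a domain controller.

```python
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
KRB5_MAX_SKEW = 300           # assumed: the usual 5-minute Kerberos default

def to_ntp(ts: float) -> bytes:
    """Unix seconds -> 64-bit NTP timestamp (32.32 fixed point)."""
    secs = int(ts)
    return struct.pack("!II", secs + NTP_EPOCH_DELTA, int((ts - secs) * 2**32))

def from_ntp(raw: bytes) -> float:
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def build_reply(t1, t2, t3, leap=0, stratum=2) -> bytes:
    """Constructed 48-byte server reply (mode 4), for offline testing only."""
    head = bytes([(leap << 6) | (4 << 3) | 4, stratum, 6, 0xEC]) + bytes(12)
    # reference, originate (t1), receive (t2), transmit (t3) timestamps
    return head + to_ntp(t2) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)

def parse_reply(pkt: bytes, t4: float) -> dict:
    """t4 is the client's clock reading when the reply arrived."""
    if len(pkt) < 48 or (pkt[0] & 0x07) != 4:
        raise ValueError("not an NTP server reply")
    t1, t2, t3 = (from_ntp(pkt[i:i + 8]) for i in (24, 32, 40))
    return {
        "leap": pkt[0] >> 6,
        "stratum": pkt[1],
        "offset": ((t2 - t1) + (t3 - t4)) / 2,  # server clock minus client clock
        "delay": (t4 - t1) - (t3 - t2),         # round trip minus server processing
    }

def within_kerberos_skew(reply: dict, max_skew: float = KRB5_MAX_SKEW) -> bool:
    """False if the server is unsynchronized or the offset exceeds the tolerance."""
    if reply["leap"] == 3 or reply["stratum"] in (0, 16):
        return False
    return abs(reply["offset"]) < max_skew

if __name__ == "__main__":
    T1 = 1268000000.0  # constructed client send time (March 2010)
    drifted = parse_reply(build_reply(T1, T1 + 400.010, T1 + 400.011), T1 + 0.021)
    print(drifted, within_kerberos_skew(drifted))
```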

There are some issues with using Windows domain controllers as NTP servers…
