In a domain, it is important that the clocks of all machines are synchronized. The Kerberos authentication protocol requires, by default, a maximum difference of 5 minutes between clocks in order to prevent attacks.
If authentication were based solely on a username and password, it would be theoretically possible for an attacker to capture network traffic, extract data and replay it to the server. Kerberos session keys are unique and based on the client's time, which helps prevent these attacks as long as the maximum permissible difference is relatively small.
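The sketch below is an added example, not code from the original article or from any Kerberos implementation. It is a simplified model of the freshness check described above: a request is rejected when its client timestamp is outside the 5-minute limit, and a short-lived cache rejects copies replayed inside that limit. The class, function and sample values are hypothetical.

```python
# Added example: simplified model of a Kerberos-style freshness check.
# Not a real Kerberos implementation; names and sample values are constructed.
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # default maximum clock difference cited above


class FreshnessChecker:
    """Accepts a request only if its client timestamp is recent and unseen."""

    def __init__(self, max_skew=MAX_SKEW):
        self.max_skew = max_skew
        self._seen = {}  # (client, timestamp) -> time the entry can be dropped

    def check(self, client, client_time, server_time):
        # 1. Skew check: the client clock must be within max_skew of ours.
        if abs(server_time - client_time) > self.max_skew:
            return "rejected: clock skew too great"
        # 2. Purge cache entries that the skew check alone would now reject.
        self._seen = {k: exp for k, exp in self._seen.items() if exp >= server_time}
        # 3. Replay check: the same (client, timestamp) pair is accepted once.
        key = (client, client_time)
        if key in self._seen:
            return "rejected: replay"
        self._seen[key] = client_time + self.max_skew
        return "accepted"

    def cache_size(self):
        return len(self._seen)


def demo():
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)  # constructed
    svc = FreshnessChecker()
    results = [
        svc.check("alice", t0, t0 + timedelta(seconds=2)),    # normal request
        svc.check("alice", t0, t0 + timedelta(seconds=30)),   # captured copy, in window
        svc.check("alice", t0, t0 + timedelta(minutes=6)),    # captured copy, too old
        svc.check("bob", t0 + timedelta(minutes=9), t0 + timedelta(minutes=2)),  # drifted clock
    ]
    return results, svc.cache_size()


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The last case shows the operational side of the limit: a legitimate client whose clock has drifted by more than 5 minutes is refused just like an old capture, which is why the domain needs a common time source.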
To be certain that all clocks are synchronized with each other, it is necessary to define an authoritative time source. The domain controller holding the PDC operations master role can be configured as a stratum 2 time source that synchronizes to a stratum 1 time source (usually a time server based on an atomic clock).