That is The Beginning of Time in the UTC+1 time zone. Well as far as POSIX is concerned, anyway.kdc[6798]: Too large time skew, client time 1970-01-01T01:00:00 is out by 1668625860 > 300 seconds
sysrc kdc_enable="YES"
sysrc kdc_program="/usr/local/libexec/kdc"
sysrc kdc_flags=""
sysrc kadmind_enable="YES"
sysrc kadmind_program="/usr/local/libexec/kadmind"
Hm, can You elaborate? In what regard?So the long of it is... heimdal services are packaged in base and are currently a much older version (1.5.2) versus the install in pkg (7.8). The libraries in base seem to operate perfectly fine for client side Kerberos functionality. However, they don't seem to work well as a KDC any longer.
I happened to write my own rc scripts, anyway, because the ones provided are not able to operate multiple instances of the KDC. (Neither is the binary code, unless it gets tweaked a bit).So we want to make sure that the pkg version of the kdc and kadmin daemon are the ones ran by the rc system at startup. This doesn't appear to be noted in the handbook currently, just that we should install the latest version of heimdal on the KDC.
Hm, can You elaborate? In what regard?
I found that I need newest MIT version on some client in order to work with the python library - but even that seems to work with the KDC from base. Maybe it has some flaw which I failed to recognize?