Product: TIBCO Spotfire Server
Versions: All
Summary:
Kerberos Authentication fails with error "Failure unspecified at GSS-API level (Mechanism level: Clock skew too great (37))". To resolve the issue, ensure that the time is property synchronized between all the machines involved.
Details:
With Kerberos authentication for Spotfire enabled, the end users are unable to log in using Analyst or web clients. The Kerberos authentication fails and the TIBCO Spotfire Server server.log contains error messages like the following:
Failure when executing privileged Kerberos authentication action
Failure unspecified at GSS-API level (Mechanism level: Clock skew too great (37))
Resolution:
This is an external Kerberos issue. For security reasons (to avoid replay attacks) Kerberos requires the time on the KDC and the systems involved to be “loosely” synchronized. This means that the systems are allowed to be out of sync with the KDC within 5 minutes, which is the default. Clock skew too great means that the difference for the time (date+time) between the server and client is more than 5 minutes. To resolve the issue, ensure that the time is synchronized between all the machines involved - the KDC (Usually Active Directory server), TIBCO Spotfire server, Node manager, and the clients accessing the Spotfire server. For more details, please refer to this Microsoft article: https://docs.microsoft.com/en-us/previous-versions/tn-archive/bb463167(v=technet.10)?redirectedfrom=MSDN" target="_blank
Comments
0 comments
Article is closed for comments.