mozilla / vinz-clortho

INACTIVE - - BrowserID Keymaster for LDAP enabled Identity Providers

I cannot log in, it repeatedly fails for me #83

Closed lloyd closed 11 years ago

lloyd commented 11 years ago

Jake Maul, @oxten, and @karlht hit this issue.

The case is when a user logs in via us-west-1: the login fails with an error in the Persona dialog. It looks like this: stdm

lloyd commented 11 years ago

jakem helped live diagnose this, and we're seeing certificates issued 12s in the future from the time assertions are issued. This suggests clock skew and seems to be originating from the us-west-1 region.

@mostlygeek - can you audit clock skew on all boxes, report what kind of skew you see, add monitoring to alert if > 2s of skew is detected, and get us synced via ntpd on all machines?

How complex is this?

lloyd commented 11 years ago

See precise steps to reproduce in #85. Closing that down in favor of this because this one has a screenshot.

lloyd commented 11 years ago

Further confirmation reported in IRC by @jrgm:

[14:00:07] <jrgm>    Hey, the clock on is not correct.
[14:00:25] <jrgm>    I can see this in the Date: header responses.
[14:01:58] <jrgm>    and it's about 12 seconds off.

mostlygeek commented 11 years ago

I'm on it!

lloyd commented 11 years ago

:heart: and :beer:

mostlygeek commented 11 years ago


ozten commented 11 years ago

Verified - WFM
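
An added example, not part of the original thread or the project's code: a sketch of the skew check requested above, estimating each host's clock offset from the HTTP `Date:` header (the signal @jrgm used) and alerting past the 2s threshold. Hostnames and timestamps are constructed; in a real check `sent_at` and `received_at` would be taken from an NTP-synced monitor around each request.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

SKEW_ALERT_SECONDS = 2.0  # alert threshold asked for in the thread


def estimate_skew(date_header, sent_at, received_at):
    """Return (skew, bound) in seconds; skew > 0 means the server clock is ahead.

    The Date header is truncated to whole seconds, so the server's real time
    lies in [header, header + 1s), and the response was generated somewhere
    between sent_at and received_at. The midpoint of each interval is used;
    bound is the worst-case error of that estimate.
    """
    server = parsedate_to_datetime(date_header)
    if server.tzinfo is None:
        raise ValueError("Date header carries no usable timezone: %r" % date_header)
    rtt = (received_at - sent_at).total_seconds()
    if rtt < 0:
        raise ValueError("received_at precedes sent_at")
    local_mid = sent_at + timedelta(seconds=rtt / 2)
    skew = (server - local_mid).total_seconds() + 0.5
    return skew, 0.5 + rtt / 2


def audit(samples, threshold=SKEW_ALERT_SECONDS):
    """Return (host, skew) for hosts over threshold even after the error bound."""
    alerts = []
    for host, date_header, sent_at, received_at in samples:
        skew, bound = estimate_skew(date_header, sent_at, received_at)
        if abs(skew) - bound > threshold:
            alerts.append((host, round(skew, 1)))
    return alerts


# Constructed samples: hostnames and timestamps are made up for illustration.
T0 = datetime(2013, 3, 5, 22, 0, 7, tzinfo=timezone.utc)
T1 = T0 + timedelta(milliseconds=200)  # response received 200 ms later
SAMPLES = [
    ("idp-us-west-1.example", "Tue, 05 Mar 2013 22:00:19 GMT", T0, T1),
    ("idp-other.example", "Tue, 05 Mar 2013 22:00:07 GMT", T0, T1),
]

if __name__ == "__main__":
    for host, skew in audit(SAMPLES):
        print("ALERT %s clock skew %+.1fs" % (host, skew))
```

Because the header has one-second resolution, this can confirm a 12s offset but cannot measure sub-second drift; the host's own NTP statistics are the better source for that.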