clockdrift

Use HTTP headers to see if servers have synchronized clocks or not

Version: 5.0.0 (latest)
Source: npm
Weekly downloads: 0
Maintainers: 1

clockdrift.js

Node script for detecting clock drift on remote web servers

  • Author: Rich Trott
  • Copyright: Regents of the University of California (c) 2012
  • License: MIT

What is it?

Shibboleth authentication via simpleSAMLphp broke on one of our apps when the system clock on the Shibboleth server drifted more than a minute into the future.

I am not the administrator of that machine and I don't know if they fixed whatever was causing the problem. But it occurred to me that even with no access to the server, I could detect clock drift by examining the date stamp in HTTP headers from the server.

So, I wrote this tool to use in a crontab.

How do I install it?

npm install -g clockdrift

How do I use it?

clockdrift 15 http://www.example.com/ https://www.example.net/

The first argument is the drift tolerance in seconds. Clocks that are off from your local clock by less than the specified number of seconds (15 in the example above) will not be reported. Use -1 to receive notices about all clocks even if they are set precisely.

By the way, since the tool uses your clock as the canonical clock, it's good to take steps to make sure that your system clock isn't the problem. I include the Naval Observatory clock URL at http://tycho.usno.navy.mil/ in my cron job to make sure that it's not my system clock that is off as opposed to the remote server clock.

The remaining arguments are the URLs that the tool should connect to in order to retrieve timestamps. In the example above, we are checking the clocks on www.example.com and www.example.net.

The tool assumes that you have a fast connection and/or are on a network that is near the servers you are checking. Therefore, a one second timeout is hardcoded. This guards against false positives due to slow network connections.
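The comparison described above, as an added example that is not clockdrift's own source: it parses the HTTP Date header, measures it against a local clock reading, and applies the tolerance argument. The function names, the sample headers and the choice to report a missing Date header are assumptions made for illustration, as is treating a drift exactly equal to the tolerance as within tolerance.

```javascript
'use strict';

// Parse an HTTP Date header such as "Thu, 15 Jun 2023 12:01:10 GMT".
// Returns epoch milliseconds, or null if the header is missing or unparseable.
function parseHttpDate(value) {
  if (typeof value !== 'string' || value.trim() === '') return null;
  const ms = Date.parse(value);
  return Number.isNaN(ms) ? null : ms;
}

// Compare one server's Date header with the local clock reading (localMs)
// taken when the response arrived. Positive driftSeconds means the remote
// clock is ahead of the local one. The Date header only has one-second
// resolution, so sub-second differences are rounded away.
function checkDrift(url, headers, localMs, toleranceSeconds) {
  const remoteMs = parseHttpDate(headers.date); // Node lowercases header names
  if (remoteMs === null) {
    // Assumption: a server that sends no usable Date header is always reported.
    return { url, status: 'no-date', driftSeconds: null, report: true };
  }
  const driftSeconds = Math.round((remoteMs - localMs) / 1000);
  // A tolerance of -1 reports every clock, because |drift| is never below 0.
  const report = Math.abs(driftSeconds) > toleranceSeconds;
  return { url, status: 'ok', driftSeconds, report };
}

// Return only the results that should be reported for the given tolerance.
function checkAll(samples, toleranceSeconds) {
  return samples
    .map((s) => checkDrift(s.url, s.headers, s.localMs, toleranceSeconds))
    .filter((r) => r.report);
}

// Constructed sample responses; localMs stands in for Date.now() at receipt.
const LOCAL = Date.UTC(2023, 5, 15, 12, 0, 0);
const SAMPLES = [
  { url: 'http://www.example.com/', localMs: LOCAL,
    headers: { date: 'Thu, 15 Jun 2023 12:01:10 GMT' } }, // 70 s ahead
  { url: 'https://www.example.net/', localMs: LOCAL,
    headers: { date: 'Thu, 15 Jun 2023 12:00:03 GMT' } }, // 3 s ahead
  { url: 'https://www.example.org/', localMs: LOCAL,
    headers: {} },                                        // no Date header
  { url: 'https://behind.example.org/', localMs: LOCAL,
    headers: { date: 'Thu, 15 Jun 2023 11:59:30 GMT' } }, // 30 s behind
];

for (const r of checkAll(SAMPLES, 15)) {
  console.log(r.url, r.status, r.driftSeconds);
}
```
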

Package last updated on 15 Jun 2023
