Audience:
System administrators responsible for KDCs and and application servers which are secured using Kerberos.
End users should not need to take any actions specific to Kerberos for this issue.
MIT users may also be interested in IS&T's summary page regarding 2007 Daylight Saving Time Changes.
Kerberos and the 2007 changes to Daylight Saving Time (DST) rules:
The year 2007 brings with it a change in Daylight Saving Time (DST) rules. A provision of the Energy Policy Act of 2005 changed DST to begin three weeks earlier and end one week later, effective in 2007. Starting this year, DST will begin the second week of March and end the first week in November (March 11 and November 4 in 2007). This is the first modification to the DST rules in the United States in 20 years. Other areas that follow US DST rules, including Canada and Bermuda but not Mexico, are similarly affected.
...
Note that not all applications servers will handle this situation identically. Most application servers should still have a consistent correct value for UTC. However, there There may be some operating systems which will assert an incorrect UTC value if they have not been updated with the new DST rules. Note that this will include platforms where the hardware clock references local time, in other words many Windows and Linux systems are likely to be affected.
Scenario 3: Many of the client computers and application servers operating systems have been patched with updates to the DST rules but the Kerberos KDCs have not been updated.
Most operating systems which are likely to host a KDC should still have a consistent, correct value for UTC. However, there may be some operating systems which will assert an incorrect UTC value if they have not been updated with the new DST rules. This scenario should have very similar results to scenario 3 above. Please refer to the caveats in senario 3, above.