Comment 18 for bug 978127

I just encountered this in precise MAAS, on brand new metal nodes which had dates sometime in 2011. Adding the NTP hack to the ephemeral image helped get around it. (Thanks for the recipe, Jeff! FYI, a public NTP server can work just as well, ntp.ubuntu.com in my case.)

Scott Moser: "Basically, if we fail by 403 unauthorized, we set a "skew" (skew = local_current_time - server_response_time) and future requests will have the oauth header time adjusted by that skew."

Here's the problem though. From what I saw, the MAAS server was returning 401 because of the skewed oauth, not 403. I can provide tcpdump captures if desired.