Corection, kerberos & nfs difference between client and server generally should not be more than 5 seconds, so above should be +/-2.5 second.
That's a protocol design bug.
Specifically, there's actually no reason that protocol traffic wouldn't include a "this is my idea of the current time" in the requests and responses so that delta times could be locally calculated from the packet contents on the receiving end. This would work, no problem, for a protocol like NFS.
Kerberos is more of an issue, but since all parties have to trust the ticket granting system as the trusted third party -- so you might a well trust their timestamp as well, since you've already established a trust chain dependency on the third party. You mode the protocol to send the timestamp within the security association, and you are golden (regardless of whether you are running an adjusted or monotonic clock).
This is how DCE RPC handles byte order: receiver translates to local byte order -- if the byte order is different. If it's not, then there's no need for translation, and it saves CPU on both ends of the connection. Receiver translates to a delta time from which the timestamps are derived, and timesync is no longer a problem.