[Freeipa-users] Enabling ntp if not done during ipa-server-install
Simo Sorce
simo at redhat.com
Fri Aug 15 19:51:25 UTC 2014
On Fri, 2014-08-15 at 20:46 +0200, Petr Viktorin wrote:
> On 08/15/2014 08:11 PM, Lucas Yamanishi wrote:
> > On 08/15/2014 10:33 AM, Redmond, Stacy wrote:
> >
> >> I installed my ipa server with –no-ntp but find that I want to enable
> >> it on my server, and all my replicas. Is it possible to do post install?
>
> > Yes, you can do that. There’s no |ipa-ntp-install| command, because /NTP
> > isn’t integrated with FreeIPA as much as it’s a good idea to run it
> > along side FreeIPA/; Kerberos and other crypto operations depend on good
> > time-sync. All you need to do to [...]
>
> Thanks for the instructions, Lucas.
>
>
> Adding it may be easy, but users don't necessarily know that, so it
> would make sense to provide an ipa-ntp-install command to take care of
> all the details.
> I filed a RFE for ipa-ntp-install:
> https://fedorahosted.org/freeipa/ticket/4497
IIRC Ntpd also supports an interface (may require patching) to allow
signing packets (I remember vaguely samba AD has an interface for this).
Maybe we should open a ticket to make use of that too and really
formally integrate and configure ntpd to sign outgoing packets.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list