On Fri, 2014-08-15 at 20:46 +0200, Petr Viktorin wrote: > On 08/15/2014 08:11 PM, Lucas Yamanishi wrote: > > On 08/15/2014 10:33 AM, Redmond, Stacy wrote: > > > >> I installed my ipa server with –no-ntp but find that I want to enable > >> it on my server, and all my replicas. Is it possible to do post install? > > > Yes, you can do that. There’s no |ipa-ntp-install| command, because /NTP > > isn’t integrated with FreeIPA as much as it’s a good idea to run it > > along side FreeIPA/; Kerberos and other crypto operations depend on good > > time-sync. All you need to do to [...] > > Thanks for the instructions, Lucas. > > > Adding it may be easy, but users don't necessarily know that, so it > would make sense to provide an ipa-ntp-install command to take care of > all the details. > I filed a RFE for ipa-ntp-install: > https://fedorahosted.org/freeipa/ticket/4497
IIRC Ntpd also supports an interface (may require patching) to allow signing packets (I remember vaguely samba AD has an interface for this). Maybe we should open a ticket to make use of that too and really formally integrate and configure ntpd to sign outgoing packets. Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
