On Fri, 2014-08-15 at 20:46 +0200, Petr Viktorin wrote:
> On 08/15/2014 08:11 PM, Lucas Yamanishi wrote:
> > On 08/15/2014 10:33 AM, Redmond, Stacy wrote:
> >
> >> I installed my ipa server with –no-ntp but find that I want to enable
> >> it on my server, and all my replicas.  Is it possible to do post install?
> 
> > Yes, you can do that. There’s no |ipa-ntp-install| command, because /NTP
> > isn’t integrated with FreeIPA as much as it’s a good idea to run it
> > along side FreeIPA/; Kerberos and other crypto operations depend on good
> > time-sync. All you need to do to [...]
> 
> Thanks for the instructions, Lucas.
> 
> 
> Adding it may be easy, but users don't necessarily know that, so it 
> would make sense to provide an ipa-ntp-install command to take care of 
> all the details.
> I filed a RFE for ipa-ntp-install: 
> https://fedorahosted.org/freeipa/ticket/4497

IIRC Ntpd also supports an interface (may require patching) to allow
signing packets (I remember vaguely samba AD has an interface for this).

Maybe we should open a ticket to make use of that too and really
formally integrate and configure ntpd to sign outgoing packets.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to