author | Gabe <redhatrises@gmail.com> | 2014-02-18 19:55:56 -0700 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-20 10:58:09 +0100 |
commit | 1f4869a3fa35b837b7734146a30249a294d0ad4e (patch) | |
tree | fbf276a557bbd7eb71eda600bcae2ce4e4334f5c /ipa-client | |
parent | 90275e2f541413d2fe1a20bbbca381d4117f8712 (diff) | |
Fix order of synchronizing time when running ipa-client-install
When ipa-client-install runs, it asks for the user name, synchronizes time, and then asks for the user password;
this order could be confusing to some users. This changes ipa-client-install to synchronize time
before prompting for user Kerberos authentication.
https://fedorahosted.org/freeipa/ticket/3957
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipa-client')
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 7cc0c3397..22bf2a183 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -2203,6 +2203,25 @@ def install(options, env, fstore, statestore):
 # skip this step when run by ipa-server-install as it always configures
 # hostname if different from system hostname
 ipaservices.backup_and_replace_hostname(fstore, statestore, options.hostname)
+
+ if not options.on_master:
+ # Attempt to sync time with IPA server.
+ # We assume that NTP servers are discoverable through SRV records in the DNS
+ # If that fails, we try to sync directly with IPA server, assuming it runs NTP
+ root_logger.info('Synchronizing time with KDC...')
+ ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp', None, break_on_first=False)
+ synced_ntp = False
+ if ntp_servers:
+ for s in ntp_servers:
+ synced_ntp = ipaclient.ntpconf.synconce_ntp(s)
+ if synced_ntp:
+ break
+ if not synced_ntp:
+ synced_ntp = ipaclient.ntpconf.synconce_ntp(cli_server[0])
+ if not synced_ntp:
+ root_logger.warning("Unable to sync time with IPA NTP " +
+ "server, assuming the time is in sync. Please check " +
+ "that 123 UDP port is opened.")
 if not options.unattended:
 if (options.principal is None and options.password is None and
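Review bot: The relocated time-sync block now runs outside the `try:` that enclosed it before (the second hunk removes it from directly under `try:`), so an exception raised by `ds.ipadns_search_srv(...)` or `ipaclient.ntpconf.synconce_ntp(...)` would no longer reach that handler, which is not visible here; confirm both helpers report failure by return value only, or guard the block. The block also appears to set the clock from NTP servers found through `_ntp._udp` DNS SRV records before any Kerberos authentication, and it continues with only a warning on failure, which deserves a comment such as `# NOTE: NTP servers come from unauthenticated DNS lookups; Kerberos ticket validity depends on this clock.` The log text `'Synchronizing time with KDC...'` names the KDC although the targets are NTP servers. install() starts and ends outside the hunk.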
@@ -2216,23 +2235,6 @@ def install(options, env, fstore, statestore):
 nolog = tuple()
 # First test out the kerberos configuration
 try:
- # Attempt to sync time with IPA server.
- # We assume that NTP servers are discoverable through SRV records in the DNS
- # If that fails, we try to sync directly with IPA server, assuming it runs NTP
- root_logger.info('Synchronizing time with KDC...')
- ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp', None, break_on_first=False)
- synced_ntp = False
- if ntp_servers:
- for s in ntp_servers:
- synced_ntp = ipaclient.ntpconf.synconce_ntp(s)
- if synced_ntp:
- break
- if not synced_ntp:
- synced_ntp = ipaclient.ntpconf.synconce_ntp(cli_server[0])
- if not synced_ntp:
- root_logger.warning("Unable to sync time with IPA NTP " +
- "server, assuming the time is in sync. Please check " +
- "that 123 UDP port is opened.")
 (krb_fd, krb_name) = tempfile.mkstemp()
 os.close(krb_fd)
 if configure_krb5_conf( |