From 2703be51c85fd8a64613c15b1aba565ca08c48b4 Mon Sep 17 00:00:00 2001 From: Karl MacMillan Date: Mon, 22 Oct 2007 11:58:31 -0400 Subject: Print warning about NTP After looking into setting up ntpd on the IPA servers I decided it was better just to warn admins. There are just too many valid setups for time synchronization for us to try to get this right. Additionally, just installing ntp and accepting the default config will result in a configuration that is perfectly valid for IPA. This patch checks if ntpd is running and suggests enabling it if it is not - for client and server. It also adds some suggested next steps to the server installation. --- ipa-client/ipa-install/ipa-client-install | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'ipa-client/ipa-install') diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 895756c66..0e89a66b5 100644 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -67,6 +67,14 @@ def logging_setup(options): console.setFormatter(formatter) logging.getLogger('').addHandler(console) +def check_ntp(): + ret_code = 1 + p = subprocess.Popen(["/sbin/service", "ntpd", "status"], stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout, stderr = p.communicate() + + return p.returncode + def main(): options = parse_options() logging_setup(options) @@ -200,6 +208,11 @@ def main(): #Modify pam to add pam_krb5 run(["/usr/sbin/authconfig", "--enablekrb5", "--update"]) + # print warning about ntp + if check_ntp() != 0: + print "WARNING: Kerberos requires time synchronization between clients" + print "and servers for correct operation. You should consider enabling ntpd." + return 0 main() -- cgit