Fix order of synchronizing time when running ipa-client-install

When ipa-client-install runs, it asks for the user name, synchronizes time, and then asks for the
user password; this order can be confusing to some users. This change makes ipa-client-install
synchronize time before prompting for the user's Kerberos authentication.

https://fedorahosted.org/freeipa/ticket/3957

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Gabe
2014-02-18 19:55:56 -07:00
committed by Petr Viktorin
parent 90275e2f54
commit 1f4869a3fa


@@ -2203,6 +2203,25 @@ def install(options, env, fstore, statestore):
# skip this step when run by ipa-server-install as it always configures # skip this step when run by ipa-server-install as it always configures
# hostname if different from system hostname # hostname if different from system hostname
ipaservices.backup_and_replace_hostname(fstore, statestore, options.hostname) ipaservices.backup_and_replace_hostname(fstore, statestore, options.hostname)
if not options.on_master:
# Attempt to sync time with IPA server.
# We assume that NTP servers are discoverable through SRV records in the DNS
# If that fails, we try to sync directly with IPA server, assuming it runs NTP
root_logger.info('Synchronizing time with KDC...')
ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp', None, break_on_first=False)
synced_ntp = False
if ntp_servers:
for s in ntp_servers:
synced_ntp = ipaclient.ntpconf.synconce_ntp(s)
if synced_ntp:
break
if not synced_ntp:
synced_ntp = ipaclient.ntpconf.synconce_ntp(cli_server[0])
if not synced_ntp:
root_logger.warning("Unable to sync time with IPA NTP " +
"server, assuming the time is in sync. Please check " +
"that 123 UDP port is opened.")
if not options.unattended: if not options.unattended:
if (options.principal is None and options.password is None and if (options.principal is None and options.password is None and
@@ -2216,23 +2235,6 @@ def install(options, env, fstore, statestore):
nolog = tuple() nolog = tuple()
# First test out the kerberos configuration # First test out the kerberos configuration
try: try:
# Attempt to sync time with IPA server.
# We assume that NTP servers are discoverable through SRV records in the DNS
# If that fails, we try to sync directly with IPA server, assuming it runs NTP
root_logger.info('Synchronizing time with KDC...')
ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp', None, break_on_first=False)
synced_ntp = False
if ntp_servers:
for s in ntp_servers:
synced_ntp = ipaclient.ntpconf.synconce_ntp(s)
if synced_ntp:
break
if not synced_ntp:
synced_ntp = ipaclient.ntpconf.synconce_ntp(cli_server[0])
if not synced_ntp:
root_logger.warning("Unable to sync time with IPA NTP " +
"server, assuming the time is in sync. Please check " +
"that 123 UDP port is opened.")
(krb_fd, krb_name) = tempfile.mkstemp() (krb_fd, krb_name) = tempfile.mkstemp()
os.close(krb_fd) os.close(krb_fd)
if configure_krb5_conf( if configure_krb5_conf(
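Review bot: The relocated time-sync block now runs before `if not options.unattended:` and no longer sits under the `try:` that used to enclose it in the second hunk. Any exception raised by `ds.ipadns_search_srv(...)` or `ipaclient.ntpconf.synconce_ntp(...)` would therefore presumably bypass that handler and leave `install()` before the user is prompted. The matching `except` clause is outside the hunk, so please confirm whether the old placement relied on it; if it did, give the sync its own `try`/`except` that logs through `root_logger.warning` and continues, matching the existing "assuming the time is in sync" fallback. The block also takes its time source from `_ntp._udp` SRV records while the log line says "Synchronizing time with KDC...", and a failed sync is only a warning. A comment at the top of the block would record that, for example `# Time source comes from unauthenticated DNS SRV lookups and sync failure is non-fatal; Kerberos clock-skew checks are the backstop.` Indentation is lost on this page, so the nesting under `if not options.on_master:` is read from line order only.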