On 20.12.21 10:21, Natxo Asenjo via FreeIPA-users wrote:
hi,

On Mon, Dec 20, 2021 at 8:36 AM Ronald Wimmer via FreeIPA-users <[email protected]> wrote:

Hi,


https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/index#prereq-ports
states a list of required ports but is a little vague.

Besides NTP and DNS which ports are really essential to be open? And in
which direction? TCP/UDP?

- on an IPA server (all of the listed ports in both directions?)


Take a look at table 2.1 in the document you link to. If you do not run DNS
or NTP, you do not need to open those ports, obviously. The basic
functionality is LDAP (389/636 tcp) and Kerberos (88/464 udp/tcp). Plus the
API, which requires 80/443 tcp. DNS and NTP can be run on other hosts, but it
makes it harder really.

OK. All these ports have to be open on the server side. Even port 80? I know about STARTTLS for port 389 but can't a connection be established on port 636 from the beginning?

Kerberos needs both TCP and UDP?

But which ports have to be open on an IPA client? None?

Cheers,
Ronald