hi, sorry, replied to OP directly, not the list.
On Mon, Dec 20, 2021 at 1:11 PM Ronald Wimmer <[email protected]> wrote:

> On 20.12.21 10:21, Natxo Asenjo via FreeIPA-users wrote:
> > hi,
> >
> > On Mon, Dec 20, 2021 at 8:36 AM Ronald Wimmer via FreeIPA-users <[email protected]> wrote:
> >
> >> Hi,
> >>
> >> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/index#prereq-ports
> >> states a list of required ports but is a little vague.
> >>
> >> Besides NTP and DNS which ports are really essential to be open? And in
> >> which direction? TCP/UDP?
> >>
> >> - on an IPA server (all of the listed ports in both directions?)
> >
> > take a look at table 2.1 on the document you link to. If you do not run dns
> > or ntp, you do not need to open those ports obviously. The basic
> > functionality is ldap (389/636 tcp) and kerberos (88/464 udp/tcp). Plus the
> > api which requires 80/443 tcp. DNS and ntp can be run on other hosts but it
> > makes it harder really.
>
> OK. All these ports have to be open on the server side. Even port 80? I
> know about STARTTLS for port 389 but can't a connection be established
> on port 636 from the beginning?

ocsp checks need to happen on port 80. You may close port 389, stuff might break, you keep all the little pieces ;-)

This is specifically indicated on the document you link to, under table 2.1, see 'note'.

> Kerberos needs both, TCP and UDP?

yes

> But which ports have to be open on an IPA client? None?

re-read my reply earlier.

--
regards,
natxo
