Kelvin Edmison wrote:
It turns out I had missed the UDP ports for kerberos (88) and kpasswd (464)
in the firewall configuration.

I had the TCP ports open, just not the UDP ones.  I missed the fine print
that said these two ports had to be open via both TCP and UDP. I think this
constitutes a vote of support for
https://fedorahosted.org/freeipa/ticket/2110 :)

While on the topic of firewall configuration, why is the list of ports
different in bug 2110 versus the Red Hat IPA documentation
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Preparing_for_an_IPA_Installation.html ?

Bug 2110 appears to skip all the dogtag ports, even though the Red Hat IPA
document says that they 'cannot be in use by another service or blocked by a
firewall'.

dogtag is now proxied behind the Apache web server so ports 9xxx no longer need to be open.

I'll get the docs updated.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
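
An added example, not part of either message above and not FreeIPA code: a small check that reads `iptables-save` output and reports which of the two ports from the thread (88 and 464) lack an ACCEPT rule for TCP or UDP. The sample ruleset is constructed, and the check assumes a default-drop INPUT chain and only models per-port ACCEPT rules (no rule ordering, source filters or port-less ACCEPT rules).

```python
import shlex

# Ports named in the thread; each needs an ACCEPT rule for BOTH protocols.
REQUIRED = {88: "kerberos", 464: "kpasswd"}

# Constructed iptables-save sample reproducing the mistake: TCP only.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443,88 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 464 -j ACCEPT
COMMIT
"""


def _ports(spec):
    """Expand '88', '80,443' or '460:470' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def accepted(rules_text, chain="INPUT"):
    """Return the (proto, port) pairs that have an ACCEPT rule in `chain`."""
    allowed = set()
    for line in rules_text.splitlines():
        if not line.startswith(f"-A {chain} "):
            continue
        tok = shlex.split(line)
        if "!" in tok:  # negated matches are not modelled; skip the rule
            continue
        opts = dict(zip(tok, tok[1:]))  # each option -> the token after it
        proto, spec = opts.get("-p"), opts.get("--dport") or opts.get("--dports")
        if opts.get("-j") == "ACCEPT" and proto in ("tcp", "udp") and spec:
            allowed |= {(proto, p) for p in _ports(spec)}
    return allowed


def missing(rules_text):
    """List 'service port/proto' entries with no matching ACCEPT rule."""
    have = accepted(rules_text)
    return [f"{name} {port}/{proto}" for port, name in REQUIRED.items()
            for proto in ("tcp", "udp") if (proto, port) not in have]


print(missing(SAMPLE_RULES))
```

To check a live host, pass the text of `iptables-save` to `missing()` instead of the sample.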
