I used IPA from the CentOS 6 repositories and I am having an issue I can't seem to solve. �I installed a server and a client with no issues, but upon Nessus scans of the server, port 464 kpasswd UDP was flagged for a ping-pong DoS attack. �With this information I noticed kpasswd also listens on TCP 464 which I understand was used for over-sized requests and other errors. �I attempted to IPTABLES block UDP for kerberos which resulted in kpasswd no longer functioning from the client. �Kerberos authentication defaults to TCP without issue, but no matter what i cannot get the client to use TCP for kpasswd. �Is there a way to force kpasswd on the client to use TCP (i was under the understanding that if UDP failed TCP would be attempted). �I am running the latest from the CentOS 6 repo's on both server and client. �Thank you!
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
