I used IPA from the CentOS 6 repositories and I am having an issue I
can't seem to solve. �I installed a server and a client with no
issues, but upon Nessus scans of the server, port 464 kpasswd UDP was
flagged for a ping-pong DoS attack. �With this information I noticed
kpasswd also listens on TCP 464 which I understand was used for over-sized
requests and other errors. �I attempted to IPTABLES block UDP for
kerberos which resulted in kpasswd no longer functioning from the client.
�Kerberos authentication defaults to TCP without issue, but no matter
what i cannot get the client to use TCP for kpasswd. �Is there a way
to force kpasswd on the client to use TCP (i was under the understanding
that if UDP failed TCP would be attempted). �I am running the latest
from the CentOS 6 repo's on both server and client. �Thank you!
Freeipa-users mailing list