I am using FreeIPA on the cloud and am worried about MITM attacks.  I'm
assuming all network traffic can be easily read and possibly manipulated by
an attacker.

When following
some of the listed ports for FreeIPA (80 and 389) are unencrypted ports.

Should this be a concern, or does FreeIPA only use those ports to send
non-sensitive information?  If I disable just the unencrypted ports on my
clients, will everything still work?

I don't understand Kerberos much so the same question applies to its ports
as well (88 and 464).

I am also using FreeIPA for DNS, but it looks like DNSSEC is not enabled by
default.  Does this mean an attacker hijacking the DNS connections can get
into my system?


