Thanks for the quick responses, you have both answered everything I was
looking for!

On Tue, Mar 29, 2016 at 9:48 AM, Alexander Bokovoy <aboko...@redhat.com>
wrote:

> On Tue, 29 Mar 2016, Simo Sorce wrote:
>
>> On Tue, 2016-03-29 at 08:51 -0600, Master P. wrote:
>>
>>> Hello,
>>>
>>> I am using FreeIPA on the cloud and am worried about MITM attacks.  I'm
>>> assuming all network traffic can be easily read and possibly manipulated
>>> by
>>> an attacker.
>>>
>>> When following
>>>
>>> https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html
>>> ,
>>> some of the listed ports for FreeIPA (80 and 389) are unencrypted ports.
>>>
>>
>> The only thing port 80 does is redirect to 443.
>>
> There is also a CA certificate access on port 80 in case LDAP-based
> access didn't work.
>
> Port 389 is the only use LDAP port and clients will use the STARTTLS
>> command to transition to to a TLS encrypted connection or use GSSAPI and
>> confidentiality to encrypt the traffic.
>>
> Also, any LDAP BIND with password will be refused without STARTTLS
> command.
>
> --
> / Alexander Bokovoy
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to