Thanks for the quick responses, you have both answered everything I was
On Tue, Mar 29, 2016 at 9:48 AM, Alexander Bokovoy <aboko...@redhat.com>
> On Tue, 29 Mar 2016, Simo Sorce wrote:
>> On Tue, 2016-03-29 at 08:51 -0600, Master P. wrote:
>>> I am using FreeIPA on the cloud and am worried about MITM attacks. I'm
>>> assuming all network traffic can be easily read and possibly manipulated
>>> an attacker.
>>> When following
>>> some of the listed ports for FreeIPA (80 and 389) are unencrypted ports.
>> The only thing port 80 does is redirect to 443.
> There is also a CA certificate access on port 80 in case LDAP-based
> access didn't work.
> Port 389 is the only use LDAP port and clients will use the STARTTLS
>> command to transition to to a TLS encrypted connection or use GSSAPI and
>> confidentiality to encrypt the traffic.
> Also, any LDAP BIND with password will be refused without STARTTLS
> / Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project