Thanks for the quick responses, you have both answered everything I was looking for!

On Tue, Mar 29, 2016 at 9:48 AM, Alexander Bokovoy <[email protected]> wrote:

> On Tue, 29 Mar 2016, Simo Sorce wrote:
>
>> On Tue, 2016-03-29 at 08:51 -0600, Master P. wrote:
>>
>>> Hello,
>>>
>>> I am using FreeIPA on the cloud and am worried about MITM attacks. I'm
>>> assuming all network traffic can be easily read and possibly manipulated
>>> by an attacker.
>>>
>>> When following
>>> https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html ,
>>> some of the listed ports for FreeIPA (80 and 389) are unencrypted ports.
>>
>> The only thing port 80 does is redirect to 443.
>
> There is also a CA certificate access on port 80 in case LDAP-based
> access didn't work.
>
>> Port 389 is the only use LDAP port and clients will use the STARTTLS
>> command to transition to a TLS encrypted connection or use GSSAPI and
>> confidentiality to encrypt the traffic.
>
> Also, any LDAP BIND with password will be refused without STARTTLS
> command.
>
> --
> / Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
