On Tue, Aug 03, 2021 at 09:22:19AM -0000, Sam Morris via FreeIPA-users wrote:
You can set this option:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11...
But it breaks one or two things that may or may not be essential
in your environment, so you'll want to test carefully.
...
Thanks, that's exactly what I was looking for.
FreeIPA servers/clients need to be able to communicate IPA servers
securely without using TLS; GSSAPI is used for Kerberos-based
integrity and confidentiality over port 389. The CA component of
FreeIPA is optional, after all. :)
But is it possible to completely disable port 389 if we don't want
any client to ever try non-SSL connections?
Ciao
Dominik ^_^ ^_^
--
Dominik Vogt