On 20.12.21 10:21, Natxo Asenjo via FreeIPA-users wrote:
> hi,
>
> On Mon, Dec 20, 2021 at 8:36 AM Ronald Wimmer via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>> Hi,
>>
>>
>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/index#prereq-ports
>> states a list of required ports but is a little vague.
>>
>> Besides NTP and DNS, which ports are really essential to be open? And in
>> which direction? TCP/UDP?
>>
>> - on an IPA server (all of the listed ports in both directions?)
>>
>
> Take a look at Table 2.1 in the document you link to. If you do not run DNS
> or NTP, you do not need to open those ports, obviously. The basic
> functionality is LDAP (389/636 TCP) and Kerberos (88/464 UDP/TCP). Plus the
> API, which requires 80/443 TCP. DNS and NTP can be run on other hosts, but it
> makes it harder really.

OK. All these ports have to be open on the server side. Even port 80? I
know about STARTTLS for port 389, but can't a connection be established
on port 636 from the beginning?
Kerberos needs both TCP and UDP?
But which ports have to be open on an IPA client? None?