[Freeipa-users] KPasswd TCP issues

ninibaba at worldd.org ninibaba at worldd.org
Tue Feb 19 17:49:42 UTC 2013




I used IPA from the CentOS 6 repositories and I am having an issue I
can't seem to solve.  I installed a server and a client with no
issues, but upon Nessus scans of the server, port 464 kpasswd UDP was
flagged for a ping-pong DoS attack.  With this information I noticed
kpasswd also listens on TCP 464 which I understand was used for over-sized
requests and other errors.  I attempted to IPTABLES block UDP for
kerberos which resulted in kpasswd no longer functioning from the client.
Kerberos authentication defaults to TCP without issue, but no matter
what, I cannot get the client to use TCP for kpasswd.  Is there a way
to force kpasswd on the client to use TCP?  (I was under the understanding
that if UDP failed, TCP would be attempted.)  I am running the latest
from the CentOS 6 repos on both server and client.  Thank you!