[Freeipa-users] freeipa unsecured ports & MITM

Master P. junkmafia89 at gmail.com
Tue Mar 29 15:53:34 UTC 2016


Thanks for the quick responses, you have both answered everything I was
looking for!

On Tue, Mar 29, 2016 at 9:48 AM, Alexander Bokovoy <abokovoy at redhat.com> wrote:

> On Tue, 29 Mar 2016, Simo Sorce wrote:
>
>> On Tue, 2016-03-29 at 08:51 -0600, Master P. wrote:
>>
>>> Hello,
>>>
>>> I am using FreeIPA on the cloud and am worried about MITM attacks.  I'm
>>> assuming all network traffic can be easily read and possibly manipulated
>>> by an attacker.
>>>
>>> When following
>>> https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html,
>>> some of the listed ports for FreeIPA (80 and 389) are unencrypted ports.
>>>
>>
>> The only thing port 80 does is redirect to 443.
>>
> There is also a CA certificate access on port 80 in case LDAP-based
> access didn't work.
>
>> Port 389 is the only used LDAP port and clients will use the STARTTLS
>> command to transition to a TLS encrypted connection or use GSSAPI and
>> confidentiality to encrypt the traffic.
>>
> Also, any LDAP BIND with password will be refused without STARTTLS
> command.
>
> --
> / Alexander Bokovoy
>