conncheck: Fix List of ports to check

We need to check all Kerberos ports both TCP and UDP transports.

Since we have the PKI proxy configuration all communication with the CA happens
on the standard 80/443 ports so we need to check them always.
We do not need to leave the old CA ports open. These ports are still used
locally but not over the network.

1 files changed, 6 insertions, 6 deletions

diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 792957988..ac1817e5d 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -50,16 +50,16 @@ class CheckedPort(object):
 BASE_PORTS = [
                 CheckedPort(389, True, "Directory Service: Unsecure port"),
                 CheckedPort(636, True, "Directory Service: Secure port"),
-                CheckedPort(88, False, "Kerberos"),
+                CheckedPort(88, True, "Kerberos KDC: TCP"),
+                CheckedPort(88, False, "Kerberos KDC: UDP"),
+                CheckedPort(464, True, "Kerberos Kpasswd: TCP"),
+                CheckedPort(464, False, "Kerberos Kpasswd: UDP"),
+                CheckedPort(80, True, "HTTP Server: port 80"),
+                CheckedPort(443, True, "HTTP Server: port 443(https)"),
              ]
 
 CA_PORTS  = [
                 CheckedPort(7389, True, "PKI-CA: Directory Service port"),
-                CheckedPort(9443, True, "PKI-CA: Agent secure port"),
-                CheckedPort(9444, True, "PKI-CA: EE secure port"),
-                CheckedPort(9445, True, "PKI-CA: Admin secure port"),
-                CheckedPort(9446, True, "PKI-CA: EE secure client auth port"),
-                CheckedPort(9180, True, "PKI-CA: Unsecure port"),
             ]
 
 def print_info(msg):