summaryrefslogtreecommitdiffstats
path: root/install/tools/ipa-replica-conncheck
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2011-08-31 14:07:56 -0400
committerSimo Sorce <ssorce@redhat.com>2011-09-01 10:10:18 -0400
commit15cada3733046d4407df5d1269c040a6a7872ca9 (patch)
treeeacb3433329ea4ecb1155000542cba1e4bb8d1af /install/tools/ipa-replica-conncheck
parent801dc97adbf9eacd16c67c188500f148d9507b12 (diff)
downloadfreeipa-15cada3733046d4407df5d1269c040a6a7872ca9.tar.gz
freeipa-15cada3733046d4407df5d1269c040a6a7872ca9.tar.xz
freeipa-15cada3733046d4407df5d1269c040a6a7872ca9.zip
conncheck: Fix List of ports to check
We need to check all Kerberos ports both TCP and UDP transports. Since we have the PKI proxy configuration all communication with the CA happens on the standard 80/443 ports so we need to check them always. We do not need to leave the old CA ports open. These ports are still used locally but not over the network.
Diffstat (limited to 'install/tools/ipa-replica-conncheck')
-rwxr-xr-xinstall/tools/ipa-replica-conncheck12
1 files changed, 6 insertions, 6 deletions
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 792957988..ac1817e5d 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -50,16 +50,16 @@ class CheckedPort(object):
BASE_PORTS = [
CheckedPort(389, True, "Directory Service: Unsecure port"),
CheckedPort(636, True, "Directory Service: Secure port"),
- CheckedPort(88, False, "Kerberos"),
+ CheckedPort(88, True, "Kerberos KDC: TCP"),
+ CheckedPort(88, False, "Kerberos KDC: UDP"),
+ CheckedPort(464, True, "Kerberos Kpasswd: TCP"),
+ CheckedPort(464, False, "Kerberos Kpasswd: UDP"),
+ CheckedPort(80, True, "HTTP Server: port 80"),
+ CheckedPort(443, True, "HTTP Server: port 443(https)"),
]
CA_PORTS = [
CheckedPort(7389, True, "PKI-CA: Directory Service port"),
- CheckedPort(9443, True, "PKI-CA: Agent secure port"),
- CheckedPort(9444, True, "PKI-CA: EE secure port"),
- CheckedPort(9445, True, "PKI-CA: Admin secure port"),
- CheckedPort(9446, True, "PKI-CA: EE secure client auth port"),
- CheckedPort(9180, True, "PKI-CA: Unsecure port"),
]
def print_info(msg):