From a85dfd64bd18635d1bbe3cfb081d5ea1311c8d59 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Wed, 31 Aug 2011 14:07:56 -0400
Subject: conncheck: Fix List of ports to check

We need to check all Kerberos ports both TCP and UDP transports.

Since we have the PKI proxy configuration all communication with the CA happens
on the standard 80/443 ports so we need to check them always.
We do not need to leave the old CA ports open. These ports are still used
locally but not over the network.
---
 install/tools/ipa-replica-conncheck | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 792957988..ac1817e5d 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -50,16 +50,16 @@ class CheckedPort(object):
 BASE_PORTS = [
                 CheckedPort(389, True, "Directory Service: Unsecure port"),
                 CheckedPort(636, True, "Directory Service: Secure port"),
-                CheckedPort(88, False, "Kerberos"),
+                CheckedPort(88, True, "Kerberos KDC: TCP"),
+                CheckedPort(88, False, "Kerberos KDC: UDP"),
+                CheckedPort(464, True, "Kerberos Kpasswd: TCP"),
+                CheckedPort(464, False, "Kerberos Kpasswd: UDP"),
+                CheckedPort(80, True, "HTTP Server: port 80"),
+                CheckedPort(443, True, "HTTP Server: port 443(https)"),
              ]
 
 CA_PORTS  = [
                 CheckedPort(7389, True, "PKI-CA: Directory Service port"),
-                CheckedPort(9443, True, "PKI-CA: Agent secure port"),
-                CheckedPort(9444, True, "PKI-CA: EE secure port"),
-                CheckedPort(9445, True, "PKI-CA: Admin secure port"),
-                CheckedPort(9446, True, "PKI-CA: EE secure client auth port"),
-                CheckedPort(9180, True, "PKI-CA: Unsecure port"),
             ]
 
 def print_info(msg):
-- 
cgit