diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-02-01 17:12:17 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-26 18:08:59 -0500 |
commit | 306bdccfa4ef02d72bbd4103ad413bd4ed024177 (patch) | |
tree | 3f38fb859f5d713f7f36399aa9e403eca896c029 /setup-client.py | |
parent | cbb3bfae23267270e1310c1c1e23b1aed78fe9c6 (diff) | |
download | freeipa-306bdccfa4ef02d72bbd4103ad413bd4ed024177.tar.gz freeipa-306bdccfa4ef02d72bbd4103ad413bd4ed024177.tar.xz freeipa-306bdccfa4ef02d72bbd4103ad413bd4ed024177.zip |
Sanitize UDP checks in conncheck
UDP port checks in ipa-replica-conncheck always returns OK even
if they are closed by a firewall. They cannot be reliably checked
in the same way as TCP ports as there is no session management as
in TCP protocol. We cannot guarantee a response on the checked
side without our own echo server bound to checked port.
This patch removes UDP port checks in replica->master direction
as we would have to implement (kerberos) protocol-wise check
to make the other side actually respond. A list of skipped
ports is printed for user.
Direction master->replica was fixed and now it is able to report
error when the port is blocked.
https://fedorahosted.org/freeipa/ticket/2062
Diffstat (limited to 'setup-client.py')
0 files changed, 0 insertions, 0 deletions