Hello, I am using FreeIPA on the cloud and am worried about MITM attacks. I'm assuming all network traffic can be easily read and possibly manipulated by an attacker.
When following https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html, some of the listed ports for FreeIPA (80 and 389) are unencrypted ports. Should this be a concern or does FreeIPA only use those ports to send non-sensitive information. If I disable just the unencrypted ports on my clients will everything still work? I don't understand Kerberos much so the same question applies to its ports as well (88 and 464). I am also using FreeIPA for DNS but it looks like DNSSEC is not enabled by default, does this mean an attacker hijacking the DNS connections can get into my system? Thanks, Alex
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
