Bug 476319

Summary: KDC does not listen on TCP by default
Product: [Retired] freeIPA
Component: ipa-server
Version: 1.2
Reporter: Simo Sorce <ssorce>
Assignee: Simo Sorce <ssorce>
QA Contact: Chandrasekar Kannan <ckannan>
CC: benl, dpal, jgalipea, rcritten
Status: CLOSED ERRATA
Severity: low
Priority: low
Target Milestone: v2 release
Hardware: All
OS: Linux
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Last Closed: 2012-03-27 07:13:53 UTC
Bug Blocks: 431020
Attachments: Enable tcp port 88 by default on install (flags: none)

Description Simo Sorce 2008-12-13 01:14:57 UTC
The krb5kdc service does not listen by default on TCP; it probably should.

Comment 1 Simo Sorce 2008-12-13 01:16:42 UTC
Created attachment 326798
Enable tcp port 88 by default on install

This patch enables the KDC to listen on TCP port 88 as well when we do a new install.
Existing installations will need to decide whether they want to enable it by adding the same change to /var/kerberos/krb5kdc/kdc.conf

Comment 2 Rob Crittenden 2010-02-15 19:52:44 UTC
committed to master: 077d6a0d3591106c189dd72278668d0669c176a1

Comment 4 Jenny Severance 2011-06-10 18:41:31 UTC
verified

]# cat /var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88
 restrict_anonymous_to_tgt = true

[realms]
 TESTRELM = {
  master_key_type = aes256-cts
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
  max_life = 7d
  max_renewable_life = 14d
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  default_principal_flags = +preauth
;  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  pkinit_identity = FILE:/var/kerberos/krb5kdc/kdc.pem
  pkinit_anchors = FILE:/var/kerberos/krb5kdc/cacert.pem
 }

# rpm -qi ipa-server | head
Name        : ipa-server                   Relocations: (not relocatable)
Version     : 2.0.0                             Vendor: Red Hat, Inc.
Release     : 23.el6                        Build Date: Wed 20 Apr 2011 09:57:13 AM EDT
Install Date: Thu 19 May 2011 12:47:52 PM EDT      Build Host: x86-003.build.bos.redhat.com
Group       : System Environment/Base       Source RPM: ipa-2.0.0-23.el6.src.rpm
Size        : 2565882                          License: GPLv3+
Signature   : RSA/8, Thu 21 Apr 2011 03:48:25 PM EDT, Key ID 199e2f91fd431d51
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://www.freeipa.org/
Summary     : The IPA authentication server
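
For an installation that predates this fix, the change can be checked by reading the [kdcdefaults] section of kdc.conf. The following is an added example, not code from the bug report or from freeIPA: the function names and the sample configurations are constructed for illustration, and it assumes, as the bug describes, that a missing kdc_tcp_ports line means no TCP listener.

```python
import re

# Constructed sample inputs (not taken from a real host).
BEFORE = """\
[kdcdefaults]
 kdc_ports = 88

[realms]
 EXAMPLE.TEST = {
  max_life = 7d
 }
"""
AFTER = BEFORE.replace(" kdc_ports = 88\n", " kdc_ports = 88\n kdc_tcp_ports = 88\n")
COMMENTED = BEFORE.replace(" kdc_ports = 88\n", " kdc_ports = 88\n; kdc_tcp_ports = 88\n")


def kdcdefaults(text):
    """Return the relations of the [kdcdefaults] section as a dict."""
    relations, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "kdcdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            relations[key] = value
    return relations


def ports(value):
    """Parse a comma- or space-separated port list into a set of ints."""
    return {int(p) for p in re.split(r"[,\s]+", value or "") if p.isdigit()}


def check_kdc_conf(text, port=88):
    """Report whether the KDC is configured for UDP and TCP on `port`."""
    rel = kdcdefaults(text)
    return {
        "udp": port in ports(rel.get("kdc_ports")),
        # Assumption from the bug report: no kdc_tcp_ports line means no TCP listener.
        "tcp": port in ports(rel.get("kdc_tcp_ports")),
    }


if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER), ("commented", COMMENTED)):
        print(name, check_kdc_conf(conf))
```

krb5kdc reads kdc.conf at startup, so a file that passes this check only describes the running service once krb5kdc has been restarted.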