[Freeipa-devel] [PATCH] 098 stop checking for CA ports

Rob Crittenden rcritten at redhat.com
Thu Sep 1 14:07:16 UTC 2011


Simo Sorce wrote:
> On Thu, 2011-09-01 at 08:21 -0400, Simo Sorce wrote:
>> On Thu, 2011-09-01 at 08:10 -0400, Simo Sorce wrote:
>>> On Wed, 2011-08-31 at 23:51 -0400, Rob Crittenden wrote:
>>>> Simo Sorce wrote:
>>>>> We use the new proxy code for dogtag now, so we do not need to open all
>>>>> the CA ports as all connections go through the standard https port.
>>>>>
>>>>> Fixes https://fedorahosted.org/freeipa/ticket/1745
>>>>>
>>>>> Simo.
>>>>
>>>> nack. dogtag replication still takes place over 7389.
>>>
>>> Ouch, I am so glad we have a review process :-)
>>
>> New patch.
>
> After a quick convo with Rob on IRC I added a few ports that we should
> always test.
> 80/443 is also necessary for CA replication but they are always checked
> anyway because it is a basic services that should always be available.
>
> Simo.
>

ACK




More information about the Freeipa-devel mailing list