Which network ports are used by Identity Management (IdM)?
Environment
- Red Hat Enterprise Linux (ALL)
- Identity Management (IdM)
- IPA Server
- IPA Client
Issue
- Which network ports are used by Identity Management (IdM)/IPA?
- What network ports are used by Identity Management (IdM)?
- Which ports does Identity Management (IdM)/IPA require?
- Which firewall ports must I open for IdM (IPA)?
- Which firewall ports need to be opened for the IPA server and clients to function?
Resolution
IdM Clients -> IdM Server
Name | Destination-port/Type | Purpose |
---|---|---|
HTTP/HTTPS | 80,443/TCP | IPA WebUI, API and CLI tools communication |
LDAP/LDAPS | 389,636/TCP | directory service communication |
Kerberos | 88,464/TCP and UDP | communication for authentication, kpasswd password changes |
DNS | 53/TCP and UDP | optional, name service, also used for autodiscovery, autoregistration and high-availability authentication (SSSD) |
NTP | 123/UDP | optional, network time protocol, deprecated in RHEL 8+ |
IdM Server <-> IdM Server (between two replicas)
Name | Destination-port/Type | Purpose |
---|---|---|
HTTP/HTTPS | 80,443/TCP | IPA WebUI, API and CLI tools communication |
LDAP/LDAPS | 389,636/TCP | directory service communication |
Kerberos | 88,464/TCP and UDP | communication for authentication, kpasswd password changes |
DNS | 53/TCP and UDP | optional, name service, also used for autodiscovery, autoregistration and high-availability authentication (SSSD) |
NTP | 123/UDP | optional, network time protocol, deprecated in RHEL 8+ |
kadmind | 749/TCP | localhost only, KDC administration, do not open to the network! |
Tomcat - PKI frontend | 8005,8009,8080,8443/TCP | localhost only, CA-enabled IPA replicas use ports 8005, 8009, 8080 and 8443 (TCP/TCP6) to communicate with the Certificate Authority service components on the local interface addresses 127.0.0.1 and ::1, do not open to the network! |
PKI LDAP | 7389/TCP | RHEL 6 and earlier only, server and replica communication for the PKI subtree, deprecated |
Replica conf | 9443,9444,9445/TCP | RHEL 6 and earlier only, replica configuration, only needed during initial replica installation, deprecated |
Note:
- For a migration plan, port 8443/TCP must also be allowed on RHEL 7 replicas during the installation process. Please refer to the documentation.
To enable communication between AD domain controllers and IdM servers, refer to What ports and services are required to setup IPA, AD two-way trust?
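The following script is an added example, not part of this Red Hat solution: it turns the client -> server table above into firewall-cmd invocations and audits a firewalld zone's port list so that the ports the tables mark "localhost only" (kadmind 749/TCP, Tomcat 8005/8009/8080/8443/TCP) are flagged if they are exposed. The firewall-cmd flags shown (--permanent, --zone, --add-port, --list-ports) are standard firewalld options; the zone name and the sample port list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Red Hat article): generate and audit
# firewalld rules against the IdM port tables above.

# Ports the article requires for IdM clients -> IdM server.
IDM_REQUIRED="80/tcp 443/tcp 389/tcp 636/tcp 88/tcp 88/udp 464/tcp 464/udp"
# Optional services from the table (DNS, NTP).
IDM_OPTIONAL="53/tcp 53/udp 123/udp"
# Marked "localhost only" in the replica table: must never face the network.
IDM_LOCAL_ONLY="749/tcp 8005/tcp 8009/tcp 8080/tcp 8443/tcp"

# Print (rather than run) the firewall-cmd lines that open the required
# ports, plus the optional ones when $1 = "with-dns", in zone $2.
# Printing lets the rule set be reviewed before it is applied and reloaded.
idm_firewall_cmds() {
    zone=${2:-public}
    ports=$IDM_REQUIRED
    if [ "$1" = "with-dns" ]; then ports="$ports $IDM_OPTIONAL"; fi
    for p in $ports; do
        printf 'firewall-cmd --permanent --zone=%s --add-port=%s\n' "$zone" "$p"
    done
}

# Audit: $1 is the output of `firewall-cmd --zone=<zone> --list-ports`
# (space-separated, e.g. "80/tcp 443/tcp 8443/tcp").
# Returns 1 if a localhost-only port is exposed, 2 if a required port is
# missing (and nothing is exposed), 0 when the zone matches the table.
idm_audit_ports() {
    status=0
    for p in $IDM_LOCAL_ONLY; do
        case " $1 " in
            *" $p "*) echo "EXPOSED localhost-only port: $p"; status=1 ;;
        esac
    done
    for p in $IDM_REQUIRED; do
        case " $1 " in
            *" $p "*) ;;
            *) echo "MISSING required port: $p"
               if [ "$status" -eq 0 ]; then status=2; fi ;;
        esac
    done
    return $status
}

# Constructed sample: a zone that also exposes the PKI frontend by mistake.
SAMPLE_LIST_PORTS="80/tcp 443/tcp 389/tcp 636/tcp 88/tcp 88/udp 464/tcp 464/udp 8443/tcp"
idm_audit_ports "$SAMPLE_LIST_PORTS" || echo "audit status: $?"
```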
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.