Which network ports are used by Identity Management (IdM)?
Environment
- Red Hat Enterprise Linux (ALL)
- Identity Management (IdM)
- IPA Server
- IPA Client
Issue
- Which network ports are used by Identity Management (IdM)/IPA ?
- What network ports are used by Identity Management (IdM)?
- Which ports does Identity Management (IdM)/IPA require?
- Which firewall ports must I open for IdM (IPA)?
- Which firewall ports need to be opened for functioning of IPA server and clients ?
Resolution
IdM Clients -> IdM Server
| Name | Destination-port / Type | Purpose |
|---|---|---|
| HTTP/HTTPS | 80 / 443 TCP | WebUI and IPA CLI admin tools communication. |
| LDAP/LDAPS | 389 / 636 TCP | directory service communication. |
| Kerberos | 88 / 464 TCP and UDP | communication for authentication |
| DNS | 53 TCP and UDP | nameservice, used also for autodiscovery, autoregistration and High Availability Authentication(sssd), optional |
| NTP | 123 UDP | network time protocol, optional |
| kadmind | 464 / 749 TCP | used for principal generation, password changes etc. |
IdM Server IdM Server (i.e. Replica)
| Name | Destination-port/Type | Purpose |
|---|---|---|
| HTTP/HTTPS | 80 / 443 TCP | WebUI and IPA CLI admin tools communication. |
| LDAP/LDAPS | 389 / 636 TCP | directory service communication. |
| Kerberos | 88 / 464 TCP and UDP | communication for authentication |
| DNS | 53 / TCP and UDP | name service, used also for autodiscovery, auto registration and High Availability Authentication(sssd), optional |
| NTP | 123 UDP | network time protocol, optional |
| kadmind | 464 / 749 TCP | used only via localhost |
| dogtag | 7389 TCP | Server and replica communication |
| replica conf | 9443 / 9444 / 9445 TCP | Replica configuration, only needed during initial replica installation -- IPAv3/RHEL6 only (not required at all in IPAv4/RHEL7 and RHEL 8) |
| Dogtag instance on top of Tomcat | 8005 and 8009 /TCP | Internally, on IPA masters, ports 8005 and 8009 (TCP/TCP6) are used to run components of the Certificate Authority services on the 127.0.0.1 and ::1 local interface addresses |
Note:
- In RHEL 6, 7 and 8, 389 port is used for replication instead of 7389 port.
- For migration plan, during install process is also required the port 8443/tcp allowed on Rhel 7 cluster.
To enable communication between AD domain controllers and IdM servers, refer What ports and services are required to setup IPA, AD two-way trust?
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments