mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 07:33:27 -06:00
306bdccfa4
UDP port checks in ipa-replica-conncheck always returns OK even if they are closed by a firewall. They cannot be reliably checked in the same way as TCP ports as there is no session management as in TCP protocol. We cannot guarantee a response on the checked side without our own echo server bound to checked port. This patch removes UDP port checks in replica->master direction as we would have to implement (kerberos) protocol-wise check to make the other side actually respond. A list of skipped ports is printed for user. Direction master->replica was fixed and now it is able to report error when the port is blocked. https://fedorahosted.org/freeipa/ticket/2062 |
||
|---|---|---|
| .. | ||
| platform | ||
| py_default_encoding | ||
| test | ||
| __init__.py | ||
| certdb.py | ||
| certmonger.py | ||
| compat.py | ||
| config.py | ||
| dnsclient.py | ||
| dogtag.py | ||
| entity.py | ||
| ipa_log_manager.py | ||
| ipa.conf | ||
| ipautil.py | ||
| ipavalidate.py | ||
| log_manager.py | ||
| Makefile | ||
| MANIFEST.in | ||
| nsslib.py | ||
| README | ||
| services.py.in | ||
| setup.py.in | ||
| sysrestore.py | ||
| version.py.in | ||
This is a set of libraries common to IPA clients and servers though mostly
geared currently towards command-line tools.
A brief overview:
config.py - identify the IPA server domain and realm. It uses dnsclient to
try to detect this information first and will fall back to
/etc/ipa/default.conf if that fails.
dnsclient.py - find IPA information via DNS
ipautil.py - helper functions
entity.py - entity is the main data type. User and Group extend this class
(but don't add anything currently).
ipavalidate.py - basic data validation routines