Anne and everyone, Thanks for the info. I think we can work with that. I'm glad that ldm is already robust enough to work in today's security climate. Thanks -JEff In message <3B0194DB.8AB94930@xxxxxxxxxxxxxxxx>, Anne Wilson writes: > > Hi Jeff, > > The LDM does not require that port 111 be available as long as port 388 > is available, like others have said. If port 388 was not available, > then a remote LDM would try to contact the portmapper on port 111. If > neither are available it will give up. > > Regarding the longer term, sure we're considering security issues. But, > the current design has served us well. Lots of our sites have firewalls > and run with no problem as long as port 388 is open. > > Regarding being "firewall friendly", technically, the LDM is not an RPC > service because it doesn't require the portmapper. Instead, it is a > "TCP service that uses RPC protocol encoding." That is, it establishes > the service on a fixed TCP port that clients try directly.