Re: Security issues and LDM

Anne and everyone,

Thanks for the info. I think we can work with that. I'm glad
that ldm is already robust enough to work in today's
security climate.



In message <3B0194DB.8AB94930@xxxxxxxxxxxxxxxx>, Anne Wilson writes:
> Hi Jeff,
> The LDM does not require that port 111 be available as long as port 388
> is available, like others have said.  If port 388 was not available,
> then a remote LDM would try to contact the portmapper on port 111.  If
> neither are available it will give up.
> Regarding the longer term, sure we're considering security issues.  But,
> the current design has served us well.  Lots of our sites have firewalls
> and run with no problem as long as port 388 is open.
> Regarding being "firewall friendly", technically, the LDM is not an RPC
> service because it doesn't require the portmapper.  Instead, it is a
> "TCP service that uses RPC protocol encoding."  That is, it establishes
> the service on a fixed TCP port that clients try directly.