Anne and everyone,
Thanks for the info. I think we can work with that. I'm glad
that ldm is already robust enough to work in today's
security climate.
Thanks
-JEff
In message <3B0194DB.8AB94930@xxxxxxxxxxxxxxxx>, Anne Wilson writes:
>
> Hi Jeff,
>
> The LDM does not require that port 111 be available as long as port 388
> is available, like others have said. If port 388 was not available,
> then a remote LDM would try to contact the portmapper on port 111. If
> neither are available it will give up.
>
> Regarding the longer term, sure we're considering security issues. But,
> the current design has served us well. Lots of our sites have firewalls
> and run with no problem as long as port 388 is open.
>
> Regarding being "firewall friendly", technically, the LDM is not an RPC
> service because it doesn't require the portmapper. Instead, it is a
> "TCP service that uses RPC protocol encoding." That is, it establishes
> the service on a fixed TCP port that clients try directly.