Detecting Kerberos?

Sensei senseiwa at
Sun Jun 25 14:45:02 EDT 2006

On 2006-06-23 20:25:50 +0200, Eric.Berg at ("Eric Berg") said:

> Is it possible to detect whether Kerberos is present on a network? If
> so, how?

Not easily and possibly not legally.

KDCs have port 88 open, you might user a port scanner, in some networks 
is prohibited. You can sniff packets if you have a real access, again, 
lawyers can come by. If a networks relies completely on a VPN based 
solution, closing gates and having happy kerbeoros KDCs inside for 
internal purpose, it's hard. Another possibility is asking the DNS, but 
SRV records are not mandatory.

Why don't you just ask the net admins?

Sensei <senseiwa at>

The optimist thinks this is the best of all possible worlds.
The pessimist fears it is true.      [J. Robert Oppenheimer]

More information about the Kerberos mailing list