Can not run Kerberos 5 server on user ports ?
Castor Nageur
castor.nageur at gmail.com
Sun Jan 24 05:24:23 EST 2010
Hi all,
I am trying to install a Kerberos server on a Solaris 10 computer as a
standard user (I cannot be "root" on my computer because my company
policy absolutely forbids it for security reasons).
Anyway, I have no choice but to run this server for my current work.
Kerberos 5 servers are used to running on the 88, 749, 750 and 464 system
ports.
If run as a standard user, these ports cannot be opened.
Consequently, I changed my configuration in order to start the server on
ports 58088, 58749, 58750, 58464 (these port values are allowed for
standard users) and it worked successfully (logs OK + netstat OK).
So my problem is:
When I run the "kadmin" Kerberos command, I get some connection refused
errors whereas everything should be OK.
If I do a netstat, I can see that "kadmin" tries to connect to the standard
Kerberos ports found in "/etc/services", which are 749 and 750, whereas all
my Kerberos configuration is correctly set with no references to these
values.
* Can Unix ports be opened by name?
* To explain: when a program tries to open a Kerberos port, it just specifies
"myhost:kerberos" instead of "myhost:88" and then the system makes the
translation?
* Can "/etc/services" be overridden (I recall that I cannot be "root") so
Kerberos uses a user "services" file?
* Did I miss something in the Kerberos configuration?
* I tried running "kadmin" with an explicit "host:port" specification but
it did not work. Could anyone send me a working syntax?
Thanks in advance for your reply.
- Here are my "/etc/services" entries for Kerberos:
kerberos        88/udp    kdc    # Kerberos V5 KDC
kerberos        88/tcp    kdc    # Kerberos V5 KDC
kerberos-adm    749/tcp          # Kerberos V5 Administration
kerberos-adm    749/udp          # Kerberos V5 Administration
kerberos-iv     750/udp          # Kerberos V4 key server
- Here are the netstat results (only for the Kerberos ports):
UDP: IPv4
Local Address            Remote Address                 State
--------------------     --------------------           ----------
myhost.mydomain.58088                                   Idle
myhost.mydomain.58750                                   Idle
myhost.mydomain.58464                                   Idle
myhost.mydomain.43181    myhost.mydomain.kerberos       Connected
myhost.mydomain.43182    myhost.mydomain.kerberos-iv    Connected
TCP: IPv4
Local Address            Remote Address          Swind Send-Q Rwind Recv-Q State
--------------------     --------------------    ----- ------ ----- ------ -----------
*.58464                  *.*                     0     0      49152 0      LISTEN
*.58749                  *.*                     0     0      49152 0      LISTEN
TCP: IPv6
Local Address                        Remote Address                       Swind Send-Q Rwind Recv-Q State       If
---------------------------------    ---------------------------------    ----- ------ ----- ------ ----------- -----
*.58464                              *.*                                  0     0      49152 0      LISTEN