Running KDC as non-root and dockerize KDC

Russ Allbery eagle at eyrie.org
Sat Jan 5 14:24:11 EST 2019


Grant Taylor <gtaylor at tnetconsulting.net> writes:

> Aside:  How well would Kerberos work if these services ran on a high
> port and IPTables magic was used to redirect requests to the low ports
> up to high ports?

It should be fine as long as the magic handles both UDP and TCP.

Another option would be to run the services on non-standard ports and
configure the clients.  Modern clients support SRV records, which include
the port and let you configure alternate ports.  Even older clients that
don't support SRV records can be configured in krb5.conf, which supports
specifying a port, although I'm not sure how good the support for that is
for all protocols and older versions.

-- 
Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>
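The two client-side options mentioned in the reply, as an added configuration example that is not part of the original message. The realm EXAMPLE.COM, the host kdc1.example.com and the ports 8888, 8749 and 8464 are constructed placeholders, and the option names are those of MIT krb5.

```ini
# Client krb5.conf (constructed example; realm, host and ports are placeholders).
[libdefaults]
    default_realm = EXAMPLE.COM
    # Allow KDC discovery through DNS SRV records for realms
    # that have no explicit kdc entry below.
    dns_lookup_kdc = true

[realms]
    EXAMPLE.COM = {
        # Explicit host:port entries for clients that cannot use SRV records.
        kdc = kdc1.example.com:8888
        admin_server = kdc1.example.com:8749
        kpasswd_server = kdc1.example.com:8464
    }

# Alternative to the [realms] entries: DNS SRV records carrying the port
# (zone file syntax, shown here as comments). Publish both the UDP and the
# TCP record for the KDC so clients can reach it over either transport.
#   _kerberos._udp.EXAMPLE.COM.      IN SRV 0 0 8888 kdc1.example.com.
#   _kerberos._tcp.EXAMPLE.COM.      IN SRV 0 0 8888 kdc1.example.com.
#   _kerberos-adm._tcp.EXAMPLE.COM.  IN SRV 0 0 8749 kdc1.example.com.
#   _kpasswd._udp.EXAMPLE.COM.       IN SRV 0 0 8464 kdc1.example.com.

# Matching server side (kdc.conf, shown as comments because it is a separate
# file): an unprivileged KDC listening on the same high port.
#   [kdcdefaults]
#       kdc_ports = 8888
#       kdc_tcp_ports = 8888
```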

