kerberos port numbers

Ken Raeburn raeburn at MIT.EDU
Thu Aug 22 22:49:00 EDT 2002

For a long time, the MIT code has defaulted to contacting both ports
88 and 750 on the KDC.  Port 88 is the standard port for Kerberos 5;
port 750 was the port used by Kerberos 4.  Once upon a time, it was
not uncommon for systems to have a "kerberos" entry in /etc/services
that referred to port 750.

I've recently been working on client-side TCP support, so we can talk
to MS KDCs.  I don't think there's any point in trying port 750 with
TCP.  Most systems should have correct /etc/services files by now, and
we're not planning to do TCP support for Kerberos 4.  (Whether we'll
go out of our way to make sure it doesn't work, when we get around to
KDC-side TCP support, I don't know.)

My question is, do people think there's still any need to try port 750
(and looking up service "kerberos-sec") by default for krb5 over UDP?
How about having the KDC listening for krb5 traffic on port 750?

Unless there's a good reason to keep it, I'll probably drop the
secondary-port support from the krb5 library; it'll simplify things.


More information about the krbdev mailing list