kerberos port numbers
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Sep 10 12:09:24 EDT 2002
>Okay, so, based on what people have said, it sounds like looking up
>the service name "kerberos" still gives inconsistent results across
>platforms. (Hello, IRIX....) Maybe we shouldn't bother with the
>lookup, and always go with the numbers?
Personally, that would be great IMHO, because the service lookup _continues_
to bite me in the ass on occasion (e.g., telling people to poke a hole in
their firewall for port 88, but due to a bad services file, it ends up
using 750).
>That still leaves the question of whether to listen on port 750 for
>TCP. And, actually, whether to listen on UDP port 750 for IPv6, where
>krb4 support also doesn't make much sense.
My thinking:
750/tcp - no
750/udp/v6 - no
>Should we try to support every port number anyone might possibly be
>using through various misconfigurations and vendor bugs, or hope that
>they actually get something right?
On the server, it's not a huge deal to listen on both ports, right? I
don't think many (if _any_) V5 KDCs are being deployed today that don't
listen on port 88.
--Ken
More information about the krbdev
mailing list