kerberos port numbers

Ken Hornstein kenh at
Tue Sep 10 12:09:24 EDT 2002

>Okay, so, based on what people have said, it sounds like looking up
>the service name "kerberos" still gives inconsistent results across
>platforms.  (Hello, IRIX....)  Maybe we shouldn't bother with the
>lookup, and always go with the numbers?

Personally, that would be great IMHO, because the service lookup _continues_
to bite me in the ass on occasion (e.g., telling people to poke a hole in
their firewall for port 88, but due to a bad services file, it ends up
using 750).

>That still leaves the question of whether to listen on port 750 for
>TCP.  And, actually, whether to listen on UDP port 750 for IPv6, where
>krb4 support also doesn't make much sense.

My thinking:

750/tcp		- no
750/udp/v6	- no

>Should we try to support every port number anyone might possibly be
>using through various misconfigurations and vendor bugs, or hope that
>they actually get something right?

On the server, it's not a huge deal to listen on both ports, right?  I
don't think many (if _any_) V5 KDCs are being deployed today that don't
listen on port 88.


More information about the krbdev mailing list