Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Official port number for kerberos server?

761 views
Skip to first unread message

Steve Tice

unread,
Jan 25, 1992, 3:23:47 PM1/25/92
to
Is there an official port number assigned to the Kerberos server? If
not, is there a range recommended for it? Thanks.

Steve
--
Steve Tice TIVOLI Systems, Inc.
st...@redsand.tivoli.com 6034 West Courtyard, Suite 210
(512) 794-9070 [794-0623 fax] Austin, TX 78730

Sam Sjogren

unread,
Jan 27, 1992, 9:16:27 PM1/27/92
to
> Is there an official port number assigned to the Kerberos server? If
> not, is there a range recommended for it? Thanks.

SERVICE : TCP : 543 : KLOGIN :
SERVICE : TCP : 544 : KSHELL :
SERVICE : TCP : 750 : KERBEROS,KDC :
SERVICE : UDP : 750 : KERBEROS,KDC :
SERVICE : TCP : 752 : KRB_PROP :


> Steve

-me

Theodore Ts'o

unread,
Jan 27, 1992, 11:50:36 PM1/27/92
to
Date: Mon, 27 Jan 92 18:16:27 PST
From: sjo...@TGV.COM (Sam Sjogren)

Actually...... it turns out that port 750 was never officially assigned
to Kerberos, and in fact port 750 is reserved for the rfile and loadav
services. This was only noticed as we were preparing the Kerberos V5
RFC. The new reserved port for Kerberos (which was only assigned this
weekend) is port 88.

The current plan is that we will require in the RFC that Kerberos KDC's
to listen to the old port of 750 as well as the Kerberos port 88, and
get all the clients converted over to port 88 ASAP. This will be easy
to do for the V5 case since there should be few, if any, production
servers. For V4, this will be a bit trickier, since there quite a few
deployed servers out there, especially if you count the Kerberos servers
embedded in AFS cells. Probably the thing to do is to urge vendors to
modify their KDC's to listen on both port 88 and port 750. Since it
will take a while for this to happen, it probably wouldn't make sense to
move clients over to port 88 for the time being.

- Ted

Sam Sjogren

unread,
Feb 3, 1992, 7:14:01 PM2/3/92
to
> Actually...... it turns out that port 750 was never officially assigned
> to Kerberos, and in fact port 750 is reserved for the rfile and loadav
> services. This was only noticed as we were preparing the Kerberos V5
> RFC. The new reserved port for Kerberos (which was only assigned this
> weekend) is port 88.

> - Ted

Eeek. OK, is everything else in this relatively recent copy
of kerberos/src/prototypes/services.append properly assigned,
aside from the reassignment of the KDC?

klogin 543/tcp # Kerberos authenticated rlogin
kerberos 750/udp kdc # Kerberos authentication--udp
kerberos 750/tcp kdc # Kerberos authentication--tcp
kerberos_master 751/udp # Kerberos authentication
kerberos_master 751/tcp # Kerberos authentication
passwd_server 752/udp # Kerberos passwd server
userreg_server 753/udp # Kerberos userreg server
kpop 1109/tcp # Pop with Kerberos
knetd 2053/tcp # Kerberos de-multiplexor
kshell 544/tcp cmd # and remote shell
eklogin 2105/tcp # Kerberos encrypted rlogin
krb_prop 754/tcp # Kerberos slave propagation
erlogin 888/tcp # Login and environment passing

Also, I've seen port 751 marked as "hesupd". Is that an old usage?

-Sam

Theodore Ts'o

unread,
Feb 11, 1992, 11:24:41 PM2/11/92
to
Date: Mon, 3 Feb 92 16:14:01 PST
From: sjo...@TGV.COM (Sam Sjogren)

Eeek. OK, is everything else in this relatively recent copy


of kerberos/src/prototypes/services.append properly assigned,
aside from the reassignment of the KDC?

Actually.... no, some things are still not properly assigned. Klogin and
kshell have been assigned.

klogin 543/tcp # Kerberos authenticated rlogin

kshell 544/tcp cmd # and remote shell

Kerberos has been moved to port 88, although people will have to be
listening on port 750 for some time to come, and assume that many
servers won't be converted to listen to port 88 for some time.

kerberos 750/udp kdc # Kerberos authentication--udp
kerberos 750/tcp kdc # Kerberos authentication--tcp

Kerberos_master has not be reserved, but it is only really need for
intra-site transaction, since it's used by the kpasswd and kadmin
programs. The same goes for krb_prop, which is only used between the
Kerberos master and its slaves. These port numbers *have* been assigned
for other services, so if we request official assignments for these
services, we'll have to move them.

kerberos_master 751/udp # Kerberos authentication
kerberos_master 751/tcp # Kerberos authentication

krb_prop 754/tcp # Kerberos slave propagation


passwd_server and userreg_server aren't used by any Kerberos programs
that I am aware of, so they shouldn't be a problem. The knetd port is
used, but the use of knetd has been deprecated, so getting a port for it
may not be that important.

passwd_server 752/udp # Kerberos passwd server
userreg_server 753/udp # Kerberos userreg server

knetd 2053/tcp # Kerberos de-multiplexor

These programs also haven't been assigned proper ports; we should
probably do some thing about these. These ports have been used yet, so
if we just request them to be assigned, we should hopefully be able to
get them.

eklogin 2105/tcp # Kerberos encrypted rlogin

kpop 1109/tcp # Pop with Kerberos

erlogin 888/tcp # Login and environment passing

Also, I've seen port 751 marked as "hesupd". Is that an old usage?

Yes, I'm pretty sure that's an old usage.

- Ted

0 new messages