Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Send corrections/additions to the FAQ Maintainer: Ken Hornstein <kenh@cmf.nrl.navy.mil>

From: Von Welch <vwelch@ncsa.uiuc.edu>

There are three components in the Kerberos world: the Kerberos client applications (e.g. kinit, telnet, pop), the server applications (e.g. telnetd, popper), and the Kerberos KDC. Each pair has different types of traffic that go between them. Depending on the pair of components your firewall is between, you will need to allow different types of traffic through your firewall.

The notation 'xxxx/udp' or 'xxxx/tcp' below refers to an ephemeral port number (>1024). This refers to a return port that is assigned by the system. The only assumption you can make about the port number is that it will be greater than 1024.

Between a client program and the KDC, your firewall may need to allow traffic on the following ports/protocols:

Client Application                                      To KDC     Return traffic
Initial ticket request (i.e. kinit)                     88/udp     xxxx/udp
Kerberos 5-to-4 ticket conversion                       4444/udp   xxxx/udp
Changing password (kpasswd under Unix)                  749/tcp    xxxx/tcp
Changing password (under Windows, old interface)        464/tcp    xxxx/tcp
Changing password (under Windows, new interface)        464/udp    xxxx/udp
Running kadmin (also requires initial ticket, 88/udp)   749/tcp    xxxx/tcp

Between an application server and the KDC, your firewall may need to allow traffic on the following ports/protocols:

Application Server                                      To KDC     Return traffic
Initial ticket request (i.e. kinit)                     88/udp     xxxx/udp
Kerberos 5-to-4 ticket conversion                       4444/udp   xxxx/udp

Between a client program and an application server, your firewall may need to allow traffic on the following ports/protocols:

Application program/server                              To server  To client
rlogin/rlogind (w/o encryption)                         543/tcp    xxxx/tcp
rlogin/rlogind (w/encryption)                           2105/tcp   xxxx/tcp
rsh/rshd                                                544/tcp    xxxx/tcp
pop/popper                                              1109/tcp   xxxx/tcp
telnet/telnetd                                          Same as non-kerberized telnet/telnetd
ftp/ftpd                                                Same as non-kerberized ftp/ftpd
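Added example, not part of the FAQ: a shell function that turns the three port tables above into stateful iptables rules, so return traffic is accepted only for established flows to ports above 1024 instead of opening the whole ephemeral range. It only prints the rules; the FORWARD chain, the conntrack match, the pair names and the address 192.0.2.10 are assumptions.

```sh
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the FAQ's port
# tables. Chain name, pair names and sample address are assumptions.

# "port/proto" list per component pair, copied from the tables above.
# telnet and ftp are omitted: the FAQ says they match the non-kerberized ports.
ports_for() {
    case "$1" in
        client-kdc) echo "88/udp 4444/udp 749/tcp 464/tcp 464/udp" ;;
        server-kdc) echo "88/udp 4444/udp" ;;
        client-app) echo "543/tcp 2105/tcp 544/tcp 1109/tcp" ;;
        *) return 1 ;;
    esac
}

# kerberos_fw_rules PAIR DEST_ADDR
# DEST_ADDR is the KDC (client-kdc, server-kdc) or the app server (client-app).
kerberos_fw_rules() {
    pair=$1; dest=$2
    [ -n "$dest" ] || { echo "usage: kerberos_fw_rules PAIR DEST_ADDR" >&2; return 1; }
    list=$(ports_for "$pair") || { echo "unknown pair: $pair" >&2; return 1; }
    for entry in $list; do
        port=${entry%/*}; proto=${entry#*/}
        # Outbound: new or established flows to the fixed service port.
        echo "iptables -A FORWARD -p $proto -d $dest --dport $port" \
             "-m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
        # Return: only replies from that service port to an ephemeral
        # port (>1024), and only for flows the firewall already tracks.
        echo "iptables -A FORWARD -p $proto -s $dest --sport $port" \
             "--dport 1025:65535 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    done
}

# Sample run with a documentation address (RFC 5737), constructed for the example.
kerberos_fw_rules client-kdc 192.0.2.10
```

Review the printed rules and narrow the source addresses for your network before loading them.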
Last Update March 27 2014 @ 02:11 PM