Open Internet IP Ports Needed by Kerberos (for Firewalls)
Article: KB0011343 Published: 2014-06-06 Last modified: 2016-07-20

To let clients behind firewalls (typically outside Fermilab) communicate with the Kerberos KDCs (Key Distribution Center servers) and Kerberized services at Fermilab, the ports listed in the table below must be opened on those firewalls (this may also apply to host-based firewall software). These are the ports on which the Fermilab KDCs and KCAs (Kerberized Certificate Authorities) listen. The Fermilab KDCs and KCAs are in the address block 131.225.0.0/16, except for the KDC at Soudan, which is in the address block 198.124.213.0/24.

 
UDP PortsTCP Ports
To get tickets, including the initial TGT 88 88
To change password from UNIX/Linux, also for Kerberos DB
adminitration access (kadmin)
  749
To change password with WRQ Reflections from Windows 464 464
If you need AFS tokens with your Kerberos tickets 749 and 4444  
Used by kx509 to access the KCA server 9878  
Used by AFS Servers may be needed by AFS Clients 7000-7007  
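One way to check a firewall allowlist against the table above, as an added example that is not part of the original article. The rule-line format (`proto dest_cidr port[-port]`) and the sample allowlist are constructed for illustration, and the check assumes every listed port is needed toward both address blocks named in the article.

```python
import ipaddress

# Required flows transcribed from the table above: (purpose, protocol, first port, last port).
REQUIRED = [
    ("tickets / initial TGT", "udp", 88, 88),
    ("tickets / initial TGT", "tcp", 88, 88),
    ("password change (UNIX/Linux), kadmin", "tcp", 749, 749),
    ("password change (WRQ Reflections)", "udp", 464, 464),
    ("password change (WRQ Reflections)", "tcp", 464, 464),
    ("AFS tokens", "udp", 749, 749),
    ("AFS tokens", "udp", 4444, 4444),
    ("kx509 to KCA", "udp", 9878, 9878),
    ("AFS servers", "udp", 7000, 7007),
]
# Address blocks the article gives for the KDCs and KCAs.
KDC_BLOCKS = [ipaddress.ip_network(n) for n in ("131.225.0.0/16", "198.124.213.0/24")]

# Constructed sample allowlist: omits the Soudan block and opens 749 on UDP only.
SAMPLE_RULES = """\
# proto dest_cidr port[-port]   (hypothetical format)
udp 131.225.0.0/16 88
tcp 131.225.0.0/16 88
udp 131.225.0.0/16 749
tcp 131.225.0.0/16 464
udp 131.225.0.0/16 464
udp 131.225.0.0/16 4444
udp 131.225.0.0/16 9878
udp 131.225.0.0/16 7000-7007
""".splitlines()

def parse_rule(line):
    """Parse one allow rule into (protocol, network, first port, last port)."""
    proto, cidr, ports = line.split()
    first, _, last = ports.partition("-")
    return proto.lower(), ipaddress.ip_network(cidr), int(first), int(last or first)

def missing_flows(rule_lines):
    """Return (purpose, proto, port, block) for every required flow that no rule allows."""
    rules = [parse_rule(l) for l in rule_lines if l.strip() and not l.lstrip().startswith("#")]
    gaps = []
    for purpose, proto, lo, hi in REQUIRED:
        for block in KDC_BLOCKS:
            for port in range(lo, hi + 1):
                if not any(p == proto and block.subnet_of(net) and a <= port <= b
                           for p, net, a, b in rules):
                    gaps.append((purpose, proto, port, str(block)))
    return gaps

if __name__ == "__main__":
    print(*missing_flows(SAMPLE_RULES), sep="\n")
```

On the sample allowlist the check reports TCP 749 toward 131.225.0.0/16 (only the UDP half of 749 was opened) and every flow toward 198.124.213.0/24.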

