[31974] in Kerberos
Can not run Kerberos 5 server on user ports ?
daemon@ATHENA.MIT.EDU (Castor Nageur)
Sun Jan 24 17:49:21 2010
From: Castor Nageur <castor.nageur@gmail.com>
Message-ID: <XnF9D0A741AF6CAENageur@212.27.60.37>
Date: 24 Jan 2010 10:24:23 GMT
To: kerberos@mit.edu
Reply-To: castor.nageur@gmail.com

Hi all,

I am trying to install a Kerberos server on a Solaris 10 computer as a
standard user (I cannot be "root" on my computer because my company
policy absolutely forbids it for security reasons).
Anyway, I have no choice but to run this server for my current work.

Kerberos 5 servers usually run on the system ports 88, 749, 750 and 464.
If run as a standard user, these ports cannot be opened.
Consequently, I changed my configuration in order to start the server on
ports 58088, 58749, 58750, 58464 (these port values are allowed for
standard users) and it worked successfully (logs OK + netstat OK).

So my problem is:
When I run the "kadmin" Kerberos command, I get some connection refused
errors whereas everything should be OK.
If I do a netstat, I can see that "kadmin" tries to connect on the standard
Kerberos ports found in "/etc/services", which are 749 and 750, whereas all
my Kerberos configuration is correctly set with no references to these
values.

* Can Unix ports be opened by names?
* Let me explain: when a program tries to open the Kerberos port, does it
  just specify "myhost:kerberos" instead of "myhost:88", and then the
  system makes the translation?
* Can "/etc/services" be overridden (I recall that I cannot be "root") so
  that Kerberos uses a user "services" file?
* Did I miss something in the Kerberos configuration?
* I tried running "kadmin" with an explicit "host:port" specification but
  it did not work. Could anyone send me a working syntax?

Thanks in advance for your reply.

- Here are my "/etc/services" entries for Kerberos:

kerberos        88/udp   kdc     # Kerberos V5 KDC
kerberos        88/tcp   kdc     # Kerberos V5 KDC
kerberos-adm    749/tcp          # Kerberos V5 Administration
kerberos-adm    749/udp          # Kerberos V5 Administration
kerberos-iv     750/udp          # Kerberos V4 key server

- Here are the netstat results (only for the Kerberos ports):

UDP: IPv4
Local Address         Remote Address               State
--------------------  ---------------------------  ----------
myhost.mydomain.58088                              Idle
myhost.mydomain.58750                              Idle
myhost.mydomain.58464                              Idle
myhost.mydomain.43181 myhost.mydomain.kerberos     Connected
myhost.mydomain.43182 myhost.mydomain.kerberos-iv  Connected

TCP: IPv4
Local Address         Remote Address        Swind Send-Q Rwind Recv-Q State
--------------------  --------------------  ----- ------ ----- ------ -----------
*.58464               *.*                       0      0 49152      0 LISTEN
*.58749               *.*                       0      0 49152      0 LISTEN

TCP: IPv6
Local Address         Remote Address        Swind Send-Q Rwind Recv-Q State       If
--------------------  --------------------  ----- ------ ----- ------ ----------- -----
*.58464               *.*                       0      0 49152      0 LISTEN

________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
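
Added illustration, not part of the original post: netstat without -n prints a service name in place of any port number it finds in /etc/services, so the remote columns above can be turned back into numbers and compared with the ports that are actually bound. The sketch below does that on sample rows constructed from the post's listings; the function names are hypothetical.

```python
# Added example. SERVICES and NETSTAT are constructed from the listings in the post.
SERVICES = """\
kerberos      88/udp   kdc   # Kerberos V5 KDC
kerberos      88/tcp   kdc   # Kerberos V5 KDC
kerberos-adm  749/tcp        # Kerberos V5 Administration
kerberos-adm  749/udp        # Kerberos V5 Administration
kerberos-iv   750/udp        # Kerberos V4 key server
"""

# (protocol, local address, remote address or None), in netstat's host.port form
NETSTAT = [
    ("udp", "myhost.mydomain.58088", None),
    ("udp", "myhost.mydomain.58750", None),
    ("udp", "myhost.mydomain.58464", None),
    ("udp", "myhost.mydomain.43181", "myhost.mydomain.kerberos"),
    ("udp", "myhost.mydomain.43182", "myhost.mydomain.kerberos-iv"),
]

def parse_services(text):
    """Map (name or alias, protocol) -> port from /etc/services-format text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop the trailing comment
        if len(fields) < 2:
            continue
        port, proto = fields[1].split("/")
        for name in [fields[0]] + fields[2:]:    # official name plus aliases
            table[(name, proto)] = int(port)
    return table

def port_of(addr, proto, table):
    """Numeric port of 'host.port' or 'host.service' as netstat prints it."""
    last = addr.rsplit(".", 1)[1]
    return int(last) if last.isdigit() else table[(last, proto)]

def unserved_destinations(rows, table):
    """Ports that clients are sending to but that no local socket is bound to."""
    bound = {(p, port_of(local, p, table)) for p, local, remote in rows if remote is None}
    wanted = {(p, port_of(remote, p, table)) for p, local, remote in rows if remote}
    return sorted(wanted - bound)

if __name__ == "__main__":
    for proto, port in unserved_destinations(NETSTAT, parse_services(SERVICES)):
        print(f"client targets {proto}/{port}, but nothing is bound there")
```

On these rows the client sockets resolve to udp/88 and udp/750, while the daemons are bound to 58088, 58750 and 58464.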