diff options
| author | Theodore Tso <tytso@mit.edu> | 1995-01-05 22:10:04 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1995-01-05 22:10:04 +0000 |
| commit | 5c742e0ec24a239169e3643735288a27685cd262 (patch) | |
| tree | 74ae6f69bc842947aab456938e692be4d10c9ba0 /src | |
| parent | 6b8f5859c2ceffb552d0770bf259a1fc505dd466 (diff) | |
| download | krb5-5c742e0ec24a239169e3643735288a27685cd262.zip krb5-5c742e0ec24a239169e3643735288a27685cd262.tar.gz krb5-5c742e0ec24a239169e3643735288a27685cd262.tar.bz2 | |
Changed kerberos5 and kerberos4 port names to kerberos and kerberos-sec
Add a comment about why you might want to switch the definitions of
kerberos and kerberos-sec under some circumstances.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4798 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/config-files/services.append | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/src/config-files/services.append b/src/config-files/services.append index 5a20555..fdf405f 100644 --- a/src/config-files/services.append +++ b/src/config-files/services.append @@ -1,14 +1,32 @@ -klogin 543/tcp # Kerberos authenticated rlogin -kerberos5 88/udp kdc # Kerberos authentication--udp -kerberos5 88/tcp kdc # Kerberos authentication--tcp -kerberos4 750/udp # Kerberos authentication--udp -kerberos4 750/tcp # Kerberos authentication--tcp +# +# Note --- if you are using Kerberos V4 clients and you either (a) +# haven't converted all your KDC's over to use V5, or (b) are worried +# about inter-realm interoperability with other KDC's that are still +# using V4, then you will have to switch the definition of kerberos and +# kerberos-sec. +# +# The issue is that the official port assignement for the "kerberos" +# port is port 88, yet the unofficial port that has been used for +# Kerberos V4 is port 750. The V5 KDC will respond to requests made on +# either port, and if V4 compatibility is turned on, it will respond to +# V4 requests on either port as well. +# +# +# Hence, it is safe to switch the definitions of kerberos and +# kerberos-sec; both should be defined, though, and one should be port +# 88 and one should be port 750. +# +kerberos 88/udp kdc # Kerberos authentication--udp +kerberos 88/tcp kdc # Kerberos authentication--tcp +kerberos-sec 750/udp # Kerberos authentication--udp +kerberos-sec 750/tcp # Kerberos authentication--tcp kerberos_master 751/udp # Kerberos authentication kerberos_master 751/tcp # Kerberos authentication kerberos-adm 749/tcp # Kerberos 5 admin/changepw kerberos-adm 749/udp # Kerberos 5 admin/changepw kpop 1109/tcp # Pop with Kerberos kshell 544/tcp cmd # and remote shell +klogin 543/tcp # Kerberos authenticated rlogin eklogin 2105/tcp # Kerberos encrypted rlogin krb_prop 754/tcp # Kerberos slave propagation krb524 4444/tcp # Kerberos 5 to 4 ticket xlator |