From 5c742e0ec24a239169e3643735288a27685cd262 Mon Sep 17 00:00:00 2001
From: Theodore Tso <tytso@mit.edu>
Date: Thu, 5 Jan 1995 22:10:04 +0000
Subject: Changed kerberos5 and kerberos4 port names to kerberos and
 kerberos-sec

Add a comment about why you might want to switch the definitions of
kerberos and kerberos-sec under some circumstances.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4798 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/config-files/services.append | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

(limited to 'src/config-files')

diff --git a/src/config-files/services.append b/src/config-files/services.append
index 5a20555..fdf405f 100644
--- a/src/config-files/services.append
+++ b/src/config-files/services.append
@@ -1,14 +1,32 @@
-klogin		543/tcp				# Kerberos authenticated rlogin
-kerberos5	88/udp 		kdc		# Kerberos authentication--udp
-kerberos5	88/tcp 		kdc		# Kerberos authentication--tcp
-kerberos4	750/udp 			# Kerberos authentication--udp
-kerberos4	750/tcp 			# Kerberos authentication--tcp
+#
+# Note --- if you are using Kerberos V4 clients and you either (a)
+# haven't converted all your KDC's over to use V5, or (b) are worried
+# about inter-realm interoperability with other KDC's that are still
+# using V4, then you will have to switch the definition of kerberos and
+# kerberos-sec.
+#
+# The issue is that the official port assignement for the "kerberos"
+# port is port 88, yet the unofficial port that has been used for
+# Kerberos V4 is port 750.  The V5 KDC will respond to requests made on
+# either port, and if V4 compatibility is turned on, it will respond to
+# V4 requests on either port as well.
+#
+#
+# Hence, it is safe to switch the definitions of kerberos and
+# kerberos-sec; both should be defined, though, and one should be port
+# 88 and one should be port 750.
+#
+kerberos	88/udp 		kdc		# Kerberos authentication--udp
+kerberos	88/tcp 		kdc		# Kerberos authentication--tcp
+kerberos-sec	750/udp 			# Kerberos authentication--udp
+kerberos-sec	750/tcp 			# Kerberos authentication--tcp
 kerberos_master	751/udp 			# Kerberos authentication
 kerberos_master	751/tcp 			# Kerberos authentication
 kerberos-adm	749/tcp				# Kerberos 5 admin/changepw
 kerberos-adm	749/udp				# Kerberos 5 admin/changepw
 kpop		1109/tcp			# Pop with Kerberos
 kshell		544/tcp		cmd		# and remote shell
+klogin		543/tcp				# Kerberos authenticated rlogin
 eklogin		2105/tcp			# Kerberos encrypted rlogin
 krb_prop	754/tcp				# Kerberos slave propagation
 krb524		4444/tcp			# Kerberos 5 to 4 ticket xlator
-- 
cgit v1.1