Open Ports Needed by Kerberos
|To enable clients behind
firewalls (outside Fermilab) to communicate with the Kerberos KDC (Key
Distribution Center servers) and Kerberized services at Fermilab, some
ports must be opened on the firewall (note this may also apply to
host-based firewall software as well) as listed in the table below.
These are the ports that the Fermilab KDCs and KCAs (Kerberized
Certificate Authorities) are listening to. In
addition, the Fermilab KDCs and KCAs are in the address block 184.108.40.206/16
(except for the KDC
at Soudan which is in the address block 220.127.116.11/24).
Scroll down to the bottom of the page for the table of port numbers used by Kerberos.
||UDP Ports||TCP Ports|
|To get tickets, including the initial TGT||88||88|
change password from
UNIX/Linux, also for Kerberos DB
adminitration access (kadmin)
|To change password with WRQ Reflections from Windows||464||464|
|If you need AFS tokens with your Kerberos tickets||749 and 4444|
|Used by kx509 to access the KCA server||9878|
|Used by AFS Servers may be needed by AFS Clients||7000-7007|