[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: krb5 services override in krb5.conf?

Derrick J Brashear <shadow@dementia.org> writes:
> It would be nice if there were a way to override the use of getservbyname
> for kerberos ports in /etc/krb5.conf, maybe something like
> [ports]
> 	kerberos = 88/tcp 88/udp
> etc.
> Problem is we have legacy software which expects to find an entry which is
> kerberos 750/udp
> in services, and if you remove it, they simply don't work. But... our krb5
> kdc isn't listening on 750, only on 88.

I would really prefer not to.  Having krb5.conf act the same way as
/etc/services but with different syntax seems just... non-optimal.  An
according to IANA, 'kerberos 88/udp' (and tcp) is the correct

a) What is the problem with your `legacy' software?
b) Could you make your kdc listen to 750?
c) How large a bribe are you offering?