[39546] in Kerberos


RE: [EXTERNAL] What are the required TCP/UDP ports for Kerberos

daemon@ATHENA.MIT.EDU (Mirkar, Shahezad via Kerberos)
Sat Aug 30 04:12:40 2025

To: Bassam Ballaji <bassam.ballaji@gmail.com>,
        "kerberos@mit.edu"
 <kerberos@mit.edu>
Date: Sat, 30 Aug 2025 08:12:16 +0000
Message-ID: <DM6PR02MB4633E12670A964A2C8118F198005A@DM6PR02MB4633.namprd02.prod.outlook.com>
In-Reply-To: <CAGA_OYeeO9SJy7Y5kB01uZzf6Y6PpB0oLGx2OL5TXU-rsNBMOQ@mail.gmail.com>
From: "Mirkar, Shahezad via Kerberos" <kerberos@mit.edu>
Reply-To: "Mirkar, Shahezad" <Shahezad_Mirkar@bmc.com>

For the client-server communication in flows 5 and 6 of the Kerberos process, there is no specific Kerberos port. The communication happens over the application's own service port.

Explanation
In the Kerberos authentication flow, the initial steps (1-4 in your diagram) involve the client communicating with the Key Distribution Center (KDC) on the Domain Controller. This is where the standard Kerberos port, TCP/UDP 88, is used.

However, once the client has the service ticket, the subsequent communication (flows 5 and 6) is directly with the application server. The service ticket is presented to the application as part of the application's own protocol. The server then validates this ticket.

Therefore, the ports required for flows 5 and 6 are determined by the application you are trying to access. For example:

Web Application (HTTP/HTTPS): TCP ports 80 or 443

SQL Server: TCP port 1433

File Share (SMB): TCP port 445

-----Original Message-----
From: Kerberos <kerberos-bounces@mit.edu> On Behalf Of Bassam Ballaji
Sent: Friday, August 29, 2025 11:18 PM
To: kerberos@mit.edu
Subject: [EXTERNAL] What are the required TCP/UDP ports for Kerberos communication?

Hello,

My name is Bassam BALLAJI and I'm an IT professional.

Today, I'm implementing Kerberos authentication for a business application layer access to let users authenticate with an external Active Directory using the LDAPS protocol.

My implementation follows the article below, chapter 1, paragraph "What is Kerberos?":
https://techcommunity.microsoft.com/blog/askds/ntlm-vs-kerberos/4120658 

I need to know which TCP/UDP ports are required for flows 5 + 6, between the client app and the service server (not the domain controller).

Thanks in advance for your help.
Regards,
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
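
An added example (not part of either message above): a short Python audit of a firewall allow-list against the flows the reply describes, with TCP/UDP 88 from the client to the KDC and the application's own port from the client to each service. The zone name, host names and sample ruleset are constructed; the ports are the ones listed in the reply.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    port: int

KDC_PORT = 88  # standard Kerberos port from the reply (TCP and UDP)

def required_flows(client, kdc, services):
    """Flows 1-4: client -> KDC on 88. Flows 5-6: client -> service on its own port."""
    flows = {Flow(client, kdc, proto, KDC_PORT) for proto in ("tcp", "udp")}
    flows |= {Flow(client, host, "tcp", port) for host, port in services}
    return flows

def audit(allowed, client, kdc, services):
    """Return (missing, unneeded) rules relative to the flows above."""
    allowed = set(allowed)
    missing = sorted(required_flows(client, kdc, services) - allowed)
    # Per the reply, flows 5 and 6 have no Kerberos port of their own, so a
    # port-88 rule toward an application server matches no step of the exchange.
    app_hosts = {host for host, _ in services} - {kdc}
    unneeded = sorted(f for f in allowed
                      if f.port == KDC_PORT and f.dst in app_hosts)
    return missing, unneeded

# Constructed sample: hypothetical hosts, service ports taken from the reply.
SERVICES = [("web01", 443), ("sql01", 1433), ("fs01", 445)]
SAMPLE_RULES = [
    Flow("clients", "dc01", "tcp", 88),
    Flow("clients", "web01", "tcp", 443),
    Flow("clients", "web01", "tcp", 88),   # opened by mistake
    Flow("clients", "sql01", "tcp", 1433),
]

if __name__ == "__main__":
    missing, unneeded = audit(SAMPLE_RULES, "clients", "dc01", SERVICES)
    for f in missing:
        print(f"MISSING  {f.src} -> {f.dst} {f.proto}/{f.port}")
    for f in unneeded:
        print(f"UNNEEDED {f.src} -> {f.dst} {f.proto}/{f.port}")
```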
