2 Replies Latest reply: Jun 3, 2010 12:39 PM by 843810

Cannot specify non-default KDC port using system property krb5.kdc

843810 Newbie
For testing / debug it's very useful to be able to run the KDC on a non-default port. This can be specified in the Kerberos config file by appending the port number to the KDC host name, delimited with a colon.

The java.security.krb5.kdc property can be used to locate the KDC. Unfortunately, in Config.java in the sun.security.krb5 package, when parsing the property the colon is used as a delimiter for multiple KDCs. The config object String.replace()s the colons with space chars. Then the KrbKdcReq.java module, when testing for a non-default port in the KDC string from the config object, looks for the colon delimiter, but this has been zapped. So it seems that it's not possible to specify the non-default port via the property.

The workaround is to use the config file approach instead, but this is inconvenient and limits programmability (especially when using configuration reload). Is there a prospect that the config parser might be adjusted in a backwards-compatible way (say, to recognise a double colon or an escape char) to fix this?

regards

Ted Hayes
  • 1. Re: Cannot specify non-default KDC port using system property krb5.kdc
    843810 Newbie
    I guess it can check the components between ':'s. If it's a decimal number, that's a port; otherwise, it's another hostname.
  • 2. Re: Cannot specify non-default KDC port using system property krb5.kdc
    843810 Newbie
    Greetings

    I'm sorry to dig this thread up, but I could really use some help concerning this. I need to set up ApacheDS on a remote machine, but I'm not allowed to have root access to it, which means I can't make ApacheDS run its KDC at port 88. Port 88 is a reserved port on *nix machines, so I can't make ApacheDS listen on that port without admin privileges.

    On the other hand, I already have a client/server demo program that can connect to a kdc (which can be found at http://thejavamonkey.blogspot.com/2008/04/clientserver-hello-world-in-kerberos.html), but I don't know how to set it up to run on any other port. I noticed that teddy_salad mentioned something about a config file approach, but I don't know what he is referring to.

    At this point I should mention that it's my first time trying to use JGSS, but I'm also running out of time to make the ApacheDS work. I'm supposed to make some benchmarking tests for my master's degree dissertation, and the deadline is approaching :\

    I only need to know how to change the default port to which that application connects. Thanks in advance to anyone who replies to this.
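
The heuristic suggested in the first reply (a decimal component between colons is a port, anything else is another hostname), written out as an added example; it is not JDK code and not code from any poster in this thread. The class name `KdcListParser`, the `Kdc` record and the sample hostnames are assumptions for illustration, and a hostname made only of digits or an IPv6 literal stays ambiguous under this rule.

```java
import java.util.ArrayList;
import java.util.List;

// Illustration only (hypothetical class, Java 16+ for records).
public class KdcListParser {
    record Kdc(String host, int port) {}

    static final int DEFAULT_PORT = 88; // Kerberos default port named in the thread

    // Splits a colon-delimited KDC list. An all-digit token that directly
    // follows a hostname is that host's port; any other token starts a new
    // KDC entry, so existing "host1:host2" values keep their meaning.
    static List<Kdc> parse(String value) {
        List<Kdc> kdcs = new ArrayList<>();
        String pendingHost = null;
        for (String token : value.split(":")) {
            token = token.trim();
            if (token.isEmpty()) continue; // tolerate stray or doubled colons
            boolean numeric = token.chars().allMatch(c -> c >= '0' && c <= '9');
            if (numeric) {
                if (pendingHost == null)
                    throw new IllegalArgumentException("port without host: " + token);
                kdcs.add(new Kdc(pendingHost, toPort(token)));
                pendingHost = null;
            } else {
                // Previous host had no port token, so it gets the default.
                if (pendingHost != null) kdcs.add(new Kdc(pendingHost, DEFAULT_PORT));
                pendingHost = token;
            }
        }
        if (pendingHost != null) kdcs.add(new Kdc(pendingHost, DEFAULT_PORT));
        return kdcs;
    }

    // Rejects values outside 1..65535 before they reach a socket call.
    static int toPort(String digits) {
        int port = digits.length() > 5 ? -1 : Integer.parseInt(digits);
        if (port < 1 || port > 65535)
            throw new IllegalArgumentException("invalid port: " + digits);
        return port;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        System.out.println(parse("kdc1.example.com:kdc2.example.com"));
        System.out.println(parse("kdc1.example.com:60088:kdc2.example.com"));
    }
}
```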