Grant Taylor <gtay...@tnetconsulting.net> writes: > Aside: How well would Kerberos work if these services ran on a high > port and IPTables magic was used to redirect requests to the low ports > up to high ports?
It should be fine as long as the magic handles both UDP and TCP. Another option would be to run the services on non-standard ports and configure the clients. Modern clients support SRV records, which include the port and let you configure alternate ports. Even older clients that don't support SRV records can be configured in krb5.conf, which supports specifying a port, although I'm not sure how good the support for that is for all protocols and older versions. -- Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos