For the client-server communication in flows 5 and 6 of the Kerberos process, there is no specific Kerberos port. The communication happens over the application's own service port.
Explanation In the Kerberos authentication flow, the initial steps (1-4 in your diagram) involve the client communicating with the Key Distribution Center (KDC) on the Domain Controller. This is where the standard Kerberos port, TCP/UDP 88, is used. However, once the client has the service ticket, the subsequent communication (flows 5 and 6) is directly with the application server. The service ticket is presented to the application as part of the application's own protocol. The server then validates this ticket. Therefore, the ports required for flows 5 and 6 are determined by the application you are trying to access. For example: Web Application (HTTP/HTTPS): TCP ports 80 or 443 SQL Server: TCP port 1433 File Share (SMB): TCP port 445 -----Original Message----- From: Kerberos <[email protected]> On Behalf Of Bassam Ballaji Sent: Friday, August 29, 2025 11:18 PM To: [email protected] Subject: [EXTERNAL] What are the required TCP/UCP ports for Kerberos communication? Hello, My name is Bassam BALLAJI and I'm an IT professional. Today, I'm implementing Kerberos authentication for a business application layer access to let the users authenticate with an external active directory using LDAPS protocol. My implementation follows the article below, chapter 1, paragraph "what is Kerberos?" : https://techcommunity.microsoft.com/blog/askds/ntlm-vs-kerberos/4120658 I need to know which TCP/ UDP ports are required for the flows 5 + 6, between client app and service server (not domain controller). Thanks in advance for your help. Regards, ________________________________________________ Kerberos mailing list [email protected] https://urldefense.com/v3/__https://mailman.mit.edu/mailman/listinfo/kerberos__;!!PEZBYkTc!eN0qEp0EKnmfeReaSKSzod8AODtO-c3IW_7WiC06qEhc3k3gyzn0ZtALMTPR0Ka3A5LZPWxourXI2DdzDM9UzxX20dGo$ ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
