Is it OK to have kerberos-sec port open to the Internet in Mac OS X?
Solution 1
It seems that kerberos-sec
on port 88
is an authentication method connected to AFP (Apple Filing Protocol) or SMB (Samba) file sharing. If you wish to disable it, you can as per the instructions on this site. This should work for Mac OS X 10.6.8 and below:
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.kdcmond.plist
For Mac OS X 10.7 (Lion) and above the command would be:
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist
If you wish to enable it again, just change unload
to load
like this:
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist
Solution 2
I had used the File Share feature earlier and turned it off, but somehow the port was still open. So I just went there again, checked and unchecked it and after running nmap
it was closed!
System Preferences > Sharing > File Share: set it to off
Related videos on Youtube
fadedbee
Updated on September 18, 2022Comments
-
fadedbee over 1 year
I’ve just bought my first Mac I want to connect it directly to the Internet in a colocation facility.
Running
nmap
against it shows:Starting Nmap 6.40 ( http://nmap.org ) at 2015-02-18 21:54 GMT Nmap scan report for foo.bar (123.45.67.89) Host is up (0.00036s latency). rDNS record for 123.45.67.89: 89.67.45.123.in-addr.arpa Not shown: 997 closed ports PORT STATE SERVICE 22/tcp open ssh 88/tcp open kerberos-sec 5900/tcp open vnc MAC Address: 01:23:45:67:89:AB (Apple)
I’ve deliberately started the SSH and VNC services.
What has started kerberos?
Is it okay for that port to be open to the Internet?
If not, how can I close it? When I tried setting up the firewall, the only applications were Remote Management (VNC) and Remote Login (SSH).
-
Philipp Gächter almost 3 yearsSince the only thing I shared was the public folder, I just turned off file & screen sharing and this also solved my port 88 already in use issue with some application using docker-compose in development.