Is it OK to have kerberos-sec port open to the Internet in Mac OS X?

Solution 1

It seems that kerberos-sec on port 88 is an authentication method connected to AFP (Apple Filing Protocol) or SMB (Samba) file sharing. If you wish to disable it, you can as per the instructions on this site. This should work for Mac OS X 10.6.8 and below:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.kdcmond.plist

For Mac OS X 10.7 (Lion) and above the command would be:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist

If you wish to enable it again, just change unload to load like this:

sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist

Solution 2

I had used the File Share feature earlier and turned it off, but somehow the port was still open. So I just went there again, checked and unchecked it and after running nmap it was closed!

System Preferences > Sharing > File Share: set it to off


Author by

fadedbee

Updated on September 18, 2022

Comments

  • fadedbee over 1 year

    I’ve just bought my first Mac and I want to connect it directly to the Internet in a colocation facility.

    Running nmap against it shows:

    Starting Nmap 6.40 ( http://nmap.org ) at 2015-02-18 21:54 GMT
    Nmap scan report for foo.bar (123.45.67.89)
    Host is up (0.00036s latency).
    rDNS record for 123.45.67.89: 89.67.45.123.in-addr.arpa
    Not shown: 997 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    88/tcp   open  kerberos-sec
    5900/tcp open  vnc
    MAC Address: 01:23:45:67:89:AB (Apple)
    

    I’ve deliberately started the SSH and VNC services.

    What has started kerberos?

    Is it okay for that port to be open to the Internet?

    If not, how can I close it? When I tried setting up the firewall, the only applications were Remote Management (VNC) and Remote Login (SSH).

  • Philipp Gächter almost 3 years
    Since the only thing I shared was the public folder, I just turned off file & screen sharing and this also solved my port 88 already in use issue with some application using docker-compose in development.
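
To confirm that a change like the ones above actually closed the port, a scan can be checked against the list of services that were started on purpose. The following is an added example, not part of the original question or answers: the function name `unexpected_open_ports`, the allowlist format and the embedded sample scan (constructed, modelled on the scan quoted in the question) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report open ports in nmap's normal output that are not allowlisted.

# unexpected_open_ports ALLOWLIST   (hypothetical helper name)
#   Reads nmap normal-format output on stdin.
#   ALLOWLIST is a space-separated list of port/proto entries, e.g. "22/tcp 5900/tcp".
#   Prints one "port/proto service" line per open port that is not on the allowlist.
unexpected_open_ports() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # The port table starts after the "PORT STATE SERVICE" header line.
        $1 == "PORT" && $2 == "STATE" { in_table = 1; next }
        # Rows look like "88/tcp open kerberos-sec"; any other line ends the table.
        in_table && $1 !~ /^[0-9]+\/(tcp|udp|sctp)$/ { in_table = 0 }
        in_table && $2 == "open" && !($1 in ok) { print $1, $3 }
    '
}

# Constructed sample input, modelled on the scan quoted in the question.
SAMPLE_SCAN='Nmap scan report for foo.bar (123.45.67.89)
Host is up (0.00036s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
88/tcp   open  kerberos-sec
5900/tcp open  vnc
MAC Address: 01:23:45:67:89:AB (Apple)'

# Services the owner started deliberately (SSH and VNC in the question).
ALLOWED="22/tcp 5900/tcp"

findings=$(printf '%s\n' "$SAMPLE_SCAN" | unexpected_open_ports "$ALLOWED")
if [ -n "$findings" ]; then
    echo "Unexpected open ports:"
    echo "$findings"
else
    echo "Only allowlisted ports are open."
fi
```

For a live check, pipe the output of a scan of your own host into the function in place of the sample text.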