9 Replies Latest reply: Jul 25, 2008 2:06 AM by Michael Keith
Bob_M. Level 2 (295 points)
I have 10.5.2 installed on my Mac Pro and have the Firewall set to Specific Services and Applications. Whenever I turn on the Mac Pro, I get a question from the firewall regarding whether to allow incoming connections to KRB5KDC or not. I have clicked both No and Yes and then deleted it from the Firewall Preference pane. I haven't figured out what this service or application is and whether it is legitimate or not.

Though I have all of the same software installed on a Macbook running 10.5.2 with the same settings, it never asks about KRB5KDC.

Does anyone know what this is and whether it is safe (or recommended) to allow it?

As a side note, I sometimes get asked about DNSresponder as well. I always allow that, but it never shows up in the Firewall preference pane, which means I have to allow it again the next time I start up. Is this normal behavior?


Dual 2.66 Mac Pro, Mac OS X (10.5.2), Macbook, 12 inch Powerbook
  • Templeton Peck Level 9 (61,377 points)
    Remember... Google is your friend:

  • Bob_M. Level 2 (295 points)
    Actually, I did use google and found that very page already. Unfortunately, I don't use Linux and had no idea what that page was telling me. I was hoping someone else could provide a simple answer in layman's terms.

  • Bob_M. Level 2 (295 points)
    Anyone able to explain this in layman's terms?
  • eddy kestemont Level 2 (480 points)
  • Bob_M. Level 2 (295 points)
    Thank you, that is much simpler to understand than the other page someone linked to earlier. So, I guess if I want my Macbook to be able to connect to my Mac Pro, I have to allow incoming connections, right?

    It may not be entirely clear still, but at least I now have some idea what the app is.
  • dechamp Level 4 (3,490 points)
    Jeez, more useless links to man pages....

    Kerberos version 5 Authentication Service and Key Distribution Center

    "Kerberos 5 is a trusted third-party authentication system. This script starts and stops the server that Kerberos IV and 5 clients need to connect to in order to obtain credentials."

    Layman - It is a normal part of a Unix or Linux installation and is used as a method to authenticate accounts for access to some network services. It doesn't harm you to leave it on in case you need to connect to a server at work.

    DNSresponder or mDNSresponder - part of Zeroconf

    "Zeroconf or Zero Configuration Networking is a set of techniques that automatically create a usable IP network without configuration or special servers. This allows inexpert users to connect computers, networked printers, and other items together and expect them to work automatically. Without Zeroconf or something similar, a knowledgeable user must either set up special services, like DHCP and DNS, or set up each computer's network settings by hand, which is a tedious task, and is challenging for non-technical people."

    Both of these processes you asked about are normal integrated pieces of your OS. They have been around for years. They don't present any known dangers and can actually make your life easier while still maintaining security.
  • catpurrson Level 1 (0 points)
    Thanks much for this response! I was reviewing the posts to try to find out what the heck this was in my log (krb5kdc is listening from uid = 0 proto=6) and came across your post.

    I thought this could be something to do with someone trying to hack into my computer.. thanks for the info. Trying to learn
  • JJMB Level 1 (0 points)

    I know this is probably unrelated but just recently telnet from my Mac started acting up. Each time I try to telnet from a Terminal I get the error listed in the following:


    Thoughts? Advice?


  • Michael Keith Level 1 (0 points)
    so during the night my powerbook hung (it's old and tends to do that occasionally) and i had to poweroff/poweron this morning. sadly nothing too unusual.

    but when i logged in to leopard a bunch of weird things happened.. the time/date was reset for example, though i've seen that before, so not too concerned. it had forgotten which wireless network to connect to (and the password). again, not too concerned.

    but the firewall popped up allow/deny requests for krbkdc and nmbd. now, i know what these are but why has it suddenly done this? i've never seen this happen before and i've been running leopard on it for 6+ months. according to the firewall documentation all apple system programs should be automatically digitally signed so they shouldn't be flagged by the firewall. if a program is modified then it needs to be re-confirmed and its signature re-generated.

    should i be concerned about an exploit? the only update i've done on it since the last reboot was the mobileme support, which i don't think would modify these programs?

    or is it just the firewall being wonky? (it does tend to constantly pop up allow/deny requests for some programs, such as simplifymedia which, to my knowledge, is perfectly safe).