Kerberos Change/Set Password
What is Port 464?
Port 464 is used by the Kerberos Change/Set Password protocol (kpasswd), which allows users to change their Kerberos passwords. In Active Directory environments, this port is used when users change or reset their domain passwords. The protocol is defined in RFC 3244 and works in conjunction with the Kerberos authentication system on port 88. When a user initiates a password change, the request is sent to the KDC (Key Distribution Center) on port 464. The KDC validates the user's current credentials and processes the password change request. This port is essential for Active Directory domain controller functionality and must be accessible from all domain-joined clients and member servers.
Common Uses
- Active Directory password changes and resets
- Kerberos password policy enforcement
- Self-service password change for domain users
- Automated password rotation for service accounts
Technical Details
Copy-paste commands to check port 464 (Kerberos Change/Set Password) from your terminal
Test connectivity
nc -zv example.com 464
curl -v --max-time 5 http://example.com:464/
telnet example.com 464
nmap -p 464 -sU -sV example.com
(echo > /dev/tcp/example.com/464) 2>/dev/null && echo "open" || echo "closed"
Open port in firewall
sudo ufw allow 464/tcp
sudo iptables -A INPUT -p tcp --dport 464 -j ACCEPT
sudo firewall-cmd --permanent --add-port=464/tcp && sudo firewall-cmd --reload
Security Considerations
Port 464 handles sensitive password change operations. Restrict access to trusted network segments only. Ensure password change traffic is encrypted. Monitor for suspicious password change patterns that might indicate account compromise. Implement password policies with complexity requirements and history.
Popular Ports Reference
The most commonly used and referenced network ports