TCP 88
Synopsis
- TCP port 88 is primarily used by the Kerberos v5 authentication protocol’s Key Distribution Center (KDC).
- Microsoft Active Directory Domain Controllers expose a Kerberos KDC on TCP 88 for Windows logon/SSO and service tickets, used by AD-joined systems and apps like Exchange, SQL Server, and SharePoint.
- Unix/Linux KDCs such as MIT Kerberos (krb5kdc) and Heimdal—used by FreeIPA/Red Hat Identity Management and Samba AD Domain Controller—listen on TCP 88.
- Apple macOS Open Directory servers provide Kerberos on TCP 88; macOS and Linux clients contact TCP 88 on AD/MIT KDCs for SSO.
- “Kerberized” enterprise stacks (e.g., Apache Hadoop, Apache Kafka, PostgreSQL, Oracle Database, and SSH with GSSAPI) use TCP 88 to reach a KDC for ticket acquisition.
- Managed directory services like Azure AD Domain Services and AWS Managed Microsoft AD expose Kerberos on TCP 88.
- Security note: attackers abuse Kerberos on port 88 for Kerberoasting and AS-REP roasting (offline cracking of TGS/AS tickets), for pass-the-ticket attacks, and, historically, through flaws such as the MS14-068 PAC forgery against AD.