[32110] in Kerberos
Re: experiences with krb clients on guest wireless networks?
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Feb 26 13:01:40 2010
From: Greg Hudson <ghudson@mit.edu>
To: Abe Singer <abe@ligo.caltech.edu>
In-Reply-To: <20100226031307.GB72201@ligo.caltech.edu>
Date: Fri, 26 Feb 2010 13:01:34 -0500
Message-ID: <1267207294.20257.695.camel@ray>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Thu, 2010-02-25 at 22:13 -0500, Abe Singer wrote:
> Some of our users have had the problem of being on "guest" wireless
> networks (e.g. at universities) which are heavily firewalled, blocking
> everything except tcp ports 22, 80, and 443 (and sometimes udp/tcp 53).
> Needless to say, clients can't talk to our KDC from that network.
It doesn't help you now, but we're hoping that IAKERB (due out in 1.9)
can eventually help with this situation, although it will require app
support. With IAKERB, heavily firewalled clients can get tickets using
app servers as a proxy, without trusting the app server like you would
sending the password.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
