experiences with krb clients on guest wireless networks?

Abe Singer abe at ligo.caltech.edu
Thu Feb 25 22:13:09 EST 2010


Forgive me if this has been discussed before on this list...

Some of our users have had the problem of being on "guest" wireless
networks (e.g. at universities) which are heavily firewalled, blocking
everything except tcp ports 22, 80, and 443 (and sometimes udp/tcp 53).
Needless to say, clients can't talk to our KDC from that network.

Has anyone else had experience with this?  If so, what have you done
about it?

We're thinking about having our KDCs respond on tcp port 443, since
that's almost always open, and it's rarely filtered for protocol
compliance (e.g. some networks check port 80 traffic for valid HTTP).

(We have heard a story about a network that only allowed port 80,
but at that point we give up.)

VPN is not an option for many of our users, and we've also had the
experience of *that* not working from guest networks, depending on
what's blocked.  So we need to find a way for clients to reach our KDCs
directly.

Thanks,

-- Abe


