experiences with krb clients on guest wireless networks?
Greg Hudson
ghudson at MIT.EDU
Fri Feb 26 13:01:34 EST 2010
On Thu, 2010-02-25 at 22:13 -0500, Abe Singer wrote:
> Some of our users have had the problem of being on "guest" wireless
> networks (e.g. at universities) which are heavily firewalled, blocking
> everything except tcp ports 22, 80, and 443 (and sometimes udp/tcp 53).
> Needless to say, clients can't talk to our KDC from that network.
It doesn't help you now, but we're hoping that IAKERB (due out in 1.9)
can eventually help with this situation, although it will require app
support. With IAKERB, heavily firewalled clients can get tickets using
app servers as a proxy, without trusting the app server like you would
sending the password.
More information about the Kerberos
mailing list