[OpenAFS] ISP blocking Krb4 traffic?
John Hascall
john@iastate.edu
Thu, 15 Apr 2004 11:09:42 CDT
> I've noticed recently that our ISP seems to be dropping outbound traffic
> with a destination port equal to 4444. I think this is to circumvent
> some Windows worm that uses that port. However, it has the side effect
> of completely neutering Kerberos 4 usage to an off-site realm, because
> traffic on port 4444 from the client to the krb4 KDC (or krb524) is
> dropped.
> Is anyone else experiencing this problem, and also are there any
> convenient workarounds for this? What complete stupidity.
We have been able to convince some ISPs to block
only 4444/tcp and not 4444/udp. Others have been
thicker-headed. The only solution we have found
for our clients behind such boneheadedness is to
use a VPN (or switch ISPs).
It would be nice to be able to configure the 524 client
stuff to use a different port...
John