[OpenAFS] ISP blocking Krb4 traffic?
Ken Hornstein
kenh@cmf.nrl.navy.mil
Thu, 15 Apr 2004 12:17:33 -0400
>> Is anyone else experiencing this problem, and also are there any
>> convenient workarounds for this? What complete stupidity.
>
>We have been able to convince some ISPs to block
>only 4444/tcp and not 4444/udp. Others have been
>thicker-headed. The only solution we have found
>for our clients behind such boneheadedness is to
>use a VPN (or switch ISPs).
The obvious workaround here is to simply have an aklog which doesn't
perform the 524 step (if you have a modern openafs, it isn't necessary).
I haven't yet modified our aklog to do the necessary magic, but it's
not hard. I believe that Jeff Altman said that KfW is going to go
that route as well. When I get some free cycles, I'll add that
functionality to aklog.
--Ken