[OpenAFS] ISP blocking Krb4 traffic?

Horst Birthelmer horst@riback.net
Sun, 18 Apr 2004 21:37:25 +0200 

--Apple-Mail-4-930630116
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=ISO-8859-1;
	format=flowed

Ok,

I'll investigate that problem a little more ... maybe I can provide=20
some more information at some point in the future.

Horst

On Sunday, April 18, 2004, at 04:53 PM, Jeffrey Altman wrote:

> Horst Birthelmer wrote:
>
> Isn't that a bit of a problem??
> I saw you set the max ticket size to 12000.
> Wouldn't that manipulate the functionality of a kaserver granting a=20
> token to an old client (by client I mean a machine with an older=20
> OpenAFS)?
>
> It should not.
>
> I had some trouble with that but don't exactly know where they were=20
> coming from.
>
> There is a requirement that the pioctl() calls be able to handle the=20=

> larger ktc_token
> structure.=A0 However, these calls are local to the client.=A0 As long =
as=20
> the client installation
> on a given machine is consistent there will be no issues.
>
> What we cannot do is alter the size or structure of the ktc_principal=20=

> since that
> structure does need to be transmitted between client and server.
>
>
> <smime.p7s>=

--Apple-Mail-4-930630116
Content-Transfer-Encoding: quoted-printable
Content-Type: text/enriched;
	charset=ISO-8859-1

Ok,


I'll investigate that problem a little more ... maybe I can provide
some more information at some point in the future.


Horst


On Sunday, April 18, 2004, at 04:53 PM, Jeffrey Altman wrote:


<excerpt><color><param>0000,0000,0000</param>Horst Birthelmer wrote:


Isn't that a bit of a problem??

I saw you set the max ticket size to 12000.

Wouldn't that manipulate the functionality of a kaserver granting a
token to an old client (by client I mean a machine with an older
OpenAFS)?


It should not.


I had some trouble with that but don't exactly know where they were
coming from.


There is a requirement that the pioctl() calls be able to handle the
larger ktc_token

structure.=A0 However, these calls are local to the client.=A0 As long =
as
the client installation

on a given machine is consistent there will be no issues.


What we cannot do is alter the size or structure of the ktc_principal
since that

structure does need to be transmitted between client and server.



</color><<smime.p7s></excerpt>=

--Apple-Mail-4-930630116--