[OpenAFS] Re: authenticating using AD servers hidden behind firewall

Derek Atkins warlord@MIT.EDU
Fri, 08 Jun 2012 09:27:02 -0400

John Tang Boyland <boyland@pabst.cs.uwm.edu> writes:

> Our institution uses "Shibboleth" for off campus authentication,
> since it keeps the AD (and thus kerberos) servers hidden behind
> a firewall.  Does anyone know how to have OpenAFS use Shibboleth
> for authentication?

Is there any reason you can't just open port 88 on the firewall to allow
Kerberos through?  Kerberos *is* a security protocol afterall, there is
no real reason to hide your Kerberos server completely behind a

> John


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available