Ahhhhh,  we all love to hate Microsoft.  But in this case Microsoft 
actually (according to them) played within the specs.  From what I've read 
about it, there is a place in the Kerberos Ticket to store some optional 
authorization data.  Microsoft took advantage of that but refused to make 
the contents of the optional stuff it added public.  Since Kerberos is an 
open protocol, it pissed some people off that Microsoft was adding some 
proprietary stuff to it.  I think there were also some broken promises by 
MS to eventually make the stuff it added public.  Later when they did make 
it available they did so under NDA.

I can tell you that the Windows 2000 and 2003 implementations of Kerberos 
work with other Kerberized applications.  I think MS did a very good job 
of implementing/integrating Kerberos with Active Directory.  Good enough 
that most Windows admins don't even know they are actually administering a 
Kerberos.  If you are interested in low cost SSO using EIM and Kerberos 
then using Windows 2/3k is a no-brainer.

Kurt Goolsbee
TriAWorks, Inc.

midrange-l-bounces@xxxxxxxxxxxx wrote on 03/22/2004 11:58:33 AM:

> On Fri, 19 Mar 2004, jt wrote:
> > | (which for windows 2k/3k domains is
> > | something called Kerberos)
> >
> > Huh...  And I thought Kerberos was IBM tech.  I mean, I gather it's 
> > kind-a semi-standard, but somehow I thought it mainly came outta IBM 
> > No matter, other than I saw it is used in MS Passport, which is 
> > I'm Extremely leery of.
> As already pointed out, Kerberos is a standard and was developed at MIT.
> When Microsoft adopted it, they (in usual MS fashion) broke the standard
> in such a way that MS products could only communicate with other MS
> products.  Needless to say this made a lot of people really mad.  I
> believe that later MS fixed their broken implementation but I'm not 
> James Rich
> Zvpebfbsg vf abg gur nafjre.
> Zvpebfbsg vf gur dhrfgvba.
> AB (be Yvahk) vf gur nafjre.
>         -- Gnxra sebz n .fvtangher sebz fbzrbar sebz gur HX, fbhepr 
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].