Ahhhhh, we all love to hate Microsoft. But in this case Microsoft actually (according to them) played within the specs. From what I've read about it, there is a place in the Kerberos Ticket to store some optional authorization data. Microsoft took advantage of that but refused to make the contents of the optional stuff it added public. Since Kerberos is an open protocol, it pissed some people off that Microsoft was adding some proprietary stuff to it. I think there were also some broken promises by MS to eventually make the stuff it added public. Later when they did make it available they did so under NDA.

I can tell you that the Windows 2000 and 2003 implementations of Kerberos work with other Kerberized applications. I think MS did a very good job of implementing/integrating Kerberos with Active Directory. Good enough that most Windows admins don't even know they are actually administering a Kerberos.

If you are interested in low cost SSO using EIM and Kerberos then using Windows 2/3k is a no-brainer.

Kurt Goolsbee
TriAWorks, Inc.

midrange-l-bounces@xxxxxxxxxxxx wrote on 03/22/2004 11:58:33 AM:

> On Fri, 19 Mar 2004, jt wrote:
>
> > | (which for windows 2k/3k domains is
> > | something called Kerberos)
> >
> > Huh... And I thought Kerberos was IBM tech. I mean, I gather it's some
> > kind-a semi-standard, but somehow I thought it mainly came outta IBM labs.
> > No matter, other than I saw it is used in MS Passport, which is something
> > I'm Extremely leery of.
>
> As already pointed out, Kerberos is a standard and was developed at MIT.
> When Microsoft adopted it, they (in usual MS fashion) broke the standard
> in such a way that MS products could only communicate with other MS
> products. Needless to say this made a lot of people really mad. I
> believe that later MS fixed their broken implementation but I'm not sure.
>
> James Rich
>
> Zvpebfbsg vf abg gur nafjre.
> Zvpebfbsg vf gur dhrfgvba.
> AB (be Yvahk) vf gur nafjre.
> -- Gnxra sebz n .fvtangher sebz fbzrbar sebz gur HX, fbhepr haxabja
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.