On Wed, Mar 13, 2002 at 10:21:25AM -0500, Alan DeKok wrote: > <[EMAIL PROTECTED]> wrote: > > > You should use Samba on Unix. There are really no alternatives. > > > > Kerberos?
> Microsoft does Kerberos? I thought they just used a protocol eerily > similar to Kerberos, which didn't inter-operate with the MIT standard > Kerberos. Microsoft does Kerberos. The authentication services are fully interoperable with MIT. MS knows how to play their cards when it comes to breaking specs. The part that isn't interoperable is the authorization data (group membership listings) that MS chooses to pack inside the Kerberos ticket. Even though this information is readily available from the LDAP server, Win2K servers will never look there -- they'll only accept this info if it comes in the Kerberos ticket. So it's hard to say that it's not interoperable with MIT Kerberos, because their service does everything an MIT KDC does; it's just their Kerberized servers (fileserver, SQL, etc) that expect /more/. Steve Langasek postmodern programmer
msg03976/pgp00000.pgp
Description: PGP signature
