Paul Lussier wrote:
> Unix has had Kerberos for years, MS is just now catching up.
But as you point out:
> There are Unix shops using Kerberos for authentication,
> it's just not widespread.
^^^^^^^^^^^^^^^^^^^^^^^^
That's an understatement. I can count on the fingers of one finger the
number of Unix sites I've personally encountered that use Kerberos.
> Why? There's not really much demand for security from the
> market, therefore the commercial Unix vendors never shipped it as a
> default.
> Security is just now becoming a hot item in the marketplace. MS as usual, is
> just very good at timing their entry into a certain market. They've done
> nothing new, just timed it right, and are marketing it as something new.
None of this changes the facts that:
- Unix has had Kerberos available for years, but hardly anyone uses it.
- By virtue of building it into W2K, MS will succeed in bringing Kerberos
to the masses.
For years we Unix dweebs have jeered at the fact that Windoze isn't a "real"
operating system, isn't multi-user, it has no security, etc. etc. In the
meantime, were we busy deploying Kerberos, ssh, AFS and all the other stuff
that would have kept Unix way out in front of Windoze WRT security? (Well,
maybe ssh has become common.)
Don't get me wrong, I *like* Unix, especially on servers. But from a
security perspective, I think it's fair to say that Unix, as practiced
by most sites, has stood still, while MS has improved. Remember when
NT & W98 started insisting on encrypted passwords for SMB shares? What was
the response of most sites running Samba? Edit the registry to turn
off encrypted passwords! Granted, Samba eventually added support for
encrypted passwords, and the reason this was a problem is because MS
doesn't publish protocols, which is why anti-trust action is so important.
Still...
> AFS is a replacement for NFS. I don't know whether it's any better or worse,
> or any more secure for that matter, just different.
From what I've read (recently) about it, it looks better. But I ask
again: is anyone actually using it?
> NFS is absolutely the worst solution out there for a distributed
> filesystem, except for all the rest.
Again: Unix has been standing still.
This gets me wondering: maybe one *weakness* of the open source model is
that once a more-or-less acceptable solution to some reasonably hard problem
(like a distributed file system) appears, it gets accepted as the "standard"
solution, and unless the problem itself is inherently interesting, nobody
bothers trying to come up with something better.
Anyway: I'm still hoping that *someone* on this list is using something
other than NFS or SMB and can comment on their experience.
-- Jerry Callen Mobile: 617-388-3990
Narsil FAX: 617-876-5331
63 Orchard Street email: [EMAIL PROTECTED]
Cambridge, MA 02140-1328
PGP public keys available from http://pgp.ai.mit.edu
fingerprints:
DH/DSS key ID 0x1806252C: 7669 A4CD 759A 6EB7 AF04
C10D B659 2A4B 1806 252C
RSA key ID 0x99F7AAE5: D265 DC9C 13FD 6110
30F5 1874 A206 24B1