Thanks for your comments Marcus. I apologies I am not totally familiar with the infrastructure of this newgroup's users! I entered this newgroup via the MIT Kerberos web site and assumed (incorrectly) that the purpose of this newgroup was devoted to MIT's implementation of the protocol.
Tim has kindly educated me of the various uses of MIT's implementation inside an Enterprise. So I realise my comment regarding the bosses girlfriend may have come across a little sarcastic. I wasn't intentionally attempting to flame Microsoft (although I work with their products daily, and with the exception of Exchange and AD I have very little praise for them; so the undertones may have been laid unconsciously?), my main issue is the cost of their licenses. I want to help startup companies setup fast and feasible infrastructure without having to pay out tens of thousands for equipment and software. In the current climate, I believe this could be the difference between a small company surviving or not! I need an open source way of providing homogeneous authentication otherwise I am unable to achieve my goals. Microsoft make very strong, conscious decisions which I cannot fault from a business POV; but they often screw the little interop companies without a second thought. I am indeed very aware of this. Although my labour has exceed the cost of the M$ Server OS (I said this to prove a point which is still relevant), I am still not planning on giving up on FOSS and moving to using Microsoft AD. Many Thanks, Tom On Wed, Apr 7, 2010 at 10:00 AM, Marcus Watts <[email protected]> wrote: > ... > > My complaint is the Kerberos project is all about a security protocol. > One > > which can be used to replace the standard user authentication system of > the > > OS. Now it doesn't matter how Unix-friendly a company is; at some point > in > > time they will want/need to connect a Windows machine to their network > (for > > arguments sake, say the bosses new girlfriend has a Windows laptop) and > > risk assessors will think of scenarios like this before using a > technology. > > If you can't cater for Windows' vast market share; you are no longer a > > viable option!! > ... > > What? The folks on this mailing list do not all work at one place. > Some of those places have large ms windows infrastructures, and there > is a wide variety of different ways of marrying windows, unix, and other > machines, with varying properties. Of course, some of us are also in > the happy position of being able to largely ignore ms windows. > > If you're talking specifically about MIT kerberos (and not just about the > protocol), um, well, I believe MIT is a private educational institution, > which has slightly different goals than a large commercial corporation. > Your bosses new girlfriend might not fit those goals the way you think. > > Perhaps you intended to flame MicroSoft? For *most* of the people on this > list I venture to say there's little we can do to make your MicroSoft > experience better. That is because very few of us are in a position to > directly influence the choices MicroSoft makes. And MicroSoft, being > a commercial company, does make decisions accordingly to its perceived > commercial interests. One of the choices I found peculiar was their > decision not to backport AES support to XP and older versions of windows. > Presumably they don't see why their customers shouldn't just rush out and > upgrade to Vista. I'm sure they'll feel mostly comfortable when you say > that the "*Winblows* Server OS" choice is cheaper and easier to deploy. > This might not be what you want them to hear. > > -Marcus Watts > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
