Hi linuxers,
This is a paragraph from the latest issue of Network Magazine (international edition):
<quote>
Microsoft added its own proprietary authorization data - the list of Security IDs (SIDs) that are associated with an authenticated user within each ticket - to tickets within its implementation of Kerberos 5. Kerberos uses principals, or structured names, for authorization, but left room in RFC1510 for vendor-based extensions, such as the one Microsoft designed. While this extension is not terribly useful on Unix systems participating in a domain, Microsoft's refusal to share the details of the extensions means that mixed Kerberos domains must use a Windows 2000 DC, instead of a Unix KDC that an organization might prefer. Microsoft's secret extensions are the second reason Microsoft chose to use an open source security protocol.
</quote>
Here is the link to the full article: http://www.networkmagazine.com/article/printableArticle?doc_id=NMG20021104S0007
What worries me is that, as in the case above, M$ badmouths open source/free software and uses it when it is to their advantage. As in the case above, the open source concept weakens the free software philosophy.
Another point which struck me in the above paragraph was that M$/proprietary vendors can use open source to their advantage by developing their own extensions and using open source code in their applications. GPL (copylefting) takes care of this by requiring extensions/modifications to be turned back into the community. Open source has none of these "restrictions" (the programmer himself has chosen to use open source code, so actually they are not restrictions). What M$ managed to do is that people having mixed Kerberos domains (which is usually the case in corporates/large organisations) "are forced" to use a Windows KDC, which is wrong. Also, if there are some security flaws, one cannot fix them, leaving the Windows KDC open to attacks.
**************
Vinayak Hegde
APGDST Student
NCST-Juhu
**************