Slashdot: Jeremy Allison Answers Samba QuestionsMar 24, 2000, 20:39 (3 Talkback[s])
(Other stories by Jeremy Allison)
"Microsoft has apparently molested Kerberos in their latest W2K upgrade, can you clear up some of the confusion about how this will effect samba server- NT."
"I've heard their exploitation of the protocol won't affect samba, some say it wreaks havoc, what's the scoop?"
"Jeremy: Short answer - it won't affect Samba."
"Long (*very* long :-) answer - it's a *very* subtle monopoly play by Microsoft to try and entend their desktop monopoly into the server space."
"Kerberos is an authentication protocol (ie. it tells a server *who* you are). It is not an authorization protocol (ie. it doesn't tell a server what you can do). Authentication is all well and good, but in order to have useful network security you also need authorization as well. In UNIX (and NT) this is provided by your user id and a list of group id's to which you belong (on NT both user and group lists are SID's - security ID's - globally unique 128 bit ID's)."