Linux Today: Linux News On Internet Time.


Inter@ctive Week: Dogging Unix

Jun 29, 2000, 23:17
(Other stories by Charles Babcock)

[ Thanks to Jeremy Allison for this link. ]

"Microsoft did not rewrite the Kerberos system, which has served as a high-water mark for Unix system security since its inception at the Massachusetts Institute of Technology several years ago. Rather, Microsoft filled in what had been left blank in the standard. Microsoft's additions, however, are tied to Windows 2000. That means only the Windows 2000 server is schooled to seek information in that blank, which, in turn, means the Microsoft version of Kerberos works with the Windows 2000 server and only the Windows 2000 server."

"This might seem obvious, but when first challenged on the point, Microsoft's Windows 2000 security product manager, Shanen Boettcher, disagreed. He said Morgan Stanley Dean Witter has many legacy Kerberos systems, and when it added Windows 2000 Kerberos to the mix, it 'allowed [new Kerberos] Windows 2000 users and [old Kerberos] Unix workstation users to log on' to the same Windows 2000 server. Existing Kerberos systems do not need to be replaced with a Microsoft product, and they can interoperate with existing Unix Kerberos systems, he said."

"And, that's true. Windows 2000 and Unix users of Kerberos can log on to a Windows 2000 server. They just can't log on to an established Unix server...."

"If you're required to keep the old Kerberos directory as part of the Active Directory of Windows 2000 anyway, how long are you going to do the extra work of maintaining two systems? Hence, Microsoft, by adopting an existing Unix standard, had found a formula for replacing some Unix servers with Windows 2000 servers."
