[ Thanks to Jeremy Allison for this link. ]
“Microsoft did not rewrite the Kerberos system, which has served
as a high-water mark for Unix system security since its inception
at the Massachusetts Institute of Technology several years ago.
Rather, Microsoft filled in what had been left blank in the
standard. Microsoft’s additions, however, are tied to Windows 2000.
That means only the Windows 2000 server is schooled to seek
information in that blank, which, in turn, means the Microsoft
version of Kerberos works with the Windows 2000 server and only the
Windows 2000 server.”
“This might seem obvious, but when first challenged on the
point, Microsoft’s Windows 2000 security product manager, Shanen
Boettcher, disagreed. He said Morgan Stanley Dean Witter has many
legacy Kerberos systems, and when it added Windows 2000 Kerberos to
the mix, it “allowed [new Kerberos] Windows 2000 users and [old
Kerberos] Unix workstation users to log on” to the same Windows
2000 server. Existing Kerberos systems do not need to be replaced
with a Microsoft product, and they can interoperate with existing
Unix Kerberos systems, he said.”
“And, that’s true. Windows 2000 and Unix users of Kerberos can
log on to a Windows 2000 server. They just can’t log on to an
established Unix server….”
“If you’re required to keep the old Kerberos directory as part
of the Active Directory of Windows 2000 anyway, how long are you
going to do the extra work of maintaining two systems? Hence,
Microsoft, by adopting an existing Unix standard, had found a
formula for replacing some Unix servers with Windows 2000
servers.”