Jeremy Allison: Microsoft document kerberos PAC format – with a catch…

[ Linux Today reader Jeremy Allison writes: ]

“Check out the URL :


Essentially, Microsoft have documented the proprietary changes
they made to Kerberos 5, but made the changes available in a self
extracting executable.

Running this .exe gives this click-through license which you
must agree to before extracting (NB. I did not agree and the
extract terminates).

“b. The Specification is confidential information and a trade
secret of Microsoft. Therefore, you may not disclose the
Specification to anyone else (except as specifically allowed
below), and you must take reasonable security precautions, at least
as great as the precautions you take to protect your own
confidential information, to keep the Specification confidential.
If you are an entity, you may disclose the Specification to your
full-time employees on a need to know basis, provided that you have
executed appropriate written agreements with your employees
sufficient to enable you to comply with the terms of this
Agreement. You are also permitted to discuss the Specification with
anyone else who has downloaded the Specification and agreed to
these terms and conditions.”

This is course is a very clever way to pretend to distribute the
spec, whilst making it completely impossible to implement in Open
Source kerberos servers. If you did of course the full weight of US
anti-reverse engineering laws would descend upon you.

Well done Microsoft, seems the DOJ hasn’t blunted your
competitive edge at all 🙂 :-).


Jeremy Allison,
Samba Team.”

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis