“Microsoft has apparently molested Kerberos in their latest
W2K upgrade, can you clear up some of the confusion about how this
will effect samba server- NT.“
“I’ve heard their exploitation of the protocol won’t affect
samba, some say it wreaks havoc, what’s the scoop?”
“Jeremy: Short answer – it won’t affect Samba.”
“Long (*very* long 🙂 answer – it’s a *very* subtle monopoly
play by Microsoft to try and entend their desktop monopoly into the
server space.”
“Kerberos is an authentication protocol (ie. it tells a server
*who* you are). It is not an authorization protocol (ie. it doesn’t
tell a server what you can do). Authentication is all well and
good, but in order to have useful network security you also need
authorization as well. In UNIX (and NT) this is provided by your
user id and a list of group id’s to which you belong (on NT both
user and group lists are SID’s – security ID’s – globally unique
128 bit ID’s).”