-----Original Message-----
From: David Lawler Christiansen (NT) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 3:17 PM
To: Zafar Baig; hot ice; [EMAIL PROTECTED]
Subject: RE: Kerberos on the webNo offense, but this article is old news, speculative and misleading in places. It has nothing to do with MS's use of Kerberos in Passport (which is what Ice is asking, I think), and only questions whether our Kerberos implementation will interoperate with any other implementation. The simple question I must ask in this case is, "have you TRIED it?"My experience is that everyone who insists that we don't interoperate is either speculating, mistaken, or outright lying. We interop just fine, either as a client, a server, or as a KDC, in single and multiple-realm scenarios. If you don't believe me, hunt down someone with Win2K and/or WinXP, or get on the beta program for .NET server. Run your own tests and draw your own conclusions-- don't just believe the spin.Thanks!-Dave-----Original Message-----
From: Zafar Baig [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 11:27 AM
To: David Lawler Christiansen (NT); hot ice; [EMAIL PROTECTED]
Subject: RE: Kerberos on the web
http://www.infoworld.com/articles/en/xml/00/04/28/000428enkerpub.xml
Please read this article carefully to understand interoperability issues.
Excerpts from this article....
"....Microsoft's PAC locks users into its version of Kerberos."
-----Original Message-----
From: David Lawler Christiansen (NT)
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 1:47 PM
To: hot ice; [EMAIL PROTECTED]
Subject: RE: Kerberos on the web
Not trolling, but where exactly did you hear that we were doing it "all
our way", and what does that mean?Thanks!
-Dave> -----Original Message-----
> From: hot ice [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 17, 2002 10:00 AM
> To: [EMAIL PROTECTED]
> Subject: Kerberos on the web
>
>
> Are there any commercially available kerberos-based
> authentication products for the web? I know Microsoft is
> doing something with Passport - but that's still all fuzzy
> and they are doing it in typical MS-fashion doing it all
> their way, or so I hear.
>
> Any suggestions or recommendations on products that offer
> website authentication - username/password, smartcard and a
> combination..?
>
> TIA
>
Title: Message
Resending my message to highly Mr. Christiansen in the
"To" box as it was originally addressed to him. I had addressed it to everyone
in my previous send. Anyway everyone, please feel free to
comment.
Thanks and sorry for the
repeat.
-------
Backgrounder: I am a technical engineering person who has worked on the
MIT krb5 standard on various win32, unix and linux platforms for
several years now. Most of these are through very large scale mission
criticial security server deployments with OSF/opengroup DCE (fyi...DCE has been
going hand-in-hand with krb5 for a really long time now). A 100%
interoperability is a major concern for scalable systems otherwise it becomes a
"my way or the highway" situation. I spend little time developing krb5 apps but
I work pretty deep into the system level code.
I am
looking forward to knowing the technical answers for the speculative or
misleading statements (or "lies") from that article. I won't look at magazines
or .Net's Passport (krb5) reviews for this analysis. Let
us truely analyze the system without bias and see how cool it may or may
not be.
First....What is the latest situation with Krb5 on win2k in terms of
interoperability overhead (especially when considering the proprietary PAC
stuff)? I know that MS has been pushing for it's "Federated"
Kerberos through (project liberty) but what is the latest situation on licensing
and open source? How many auth requests can a krb5 Win2k server take and what
will be the % uptime? The media is only a tool to spread the word/hype around. I
will look at the MS-krb5 code myself if I can get it. How/when can I get this?
Your
answers to these question will pretty assert the big
picture.
Z
- Re: Kerberos on the web hot ice
- Re: Kerberos on the web Nicolas Williams
- Re: Kerberos on the web Cesar Garcia
- Re: Kerberos on the web meeroh
- RE: Kerberos on the web David Lawler Christiansen (NT)
- Re: Kerberos on the web Wyllys Ingersoll
- Re: Kerberos on the web Nicolas Williams
- RE: Kerberos on the web Zafar Baig
- Re: Kerberos on the web Nicolas Williams
- Re: Kerberos on the web Mark H. Wood
- RE: Kerberos on the web Zafar Baig
- RE: Kerberos on the web David Lawler Christiansen (NT)
- Re: Kerberos on the web Wyllys Ingersoll
- RE: Kerberos on the web Paul Jakma
- Re: Kerberos on the web Jeremy Allison
- RE: Kerberos on the web David Lawler Christiansen (NT)
- RE: Kerberos on the web David Lawler Christiansen (NT)
- Re: Kerberos on the web Jeremy Allison
- RE: Kerberos on the web Paul Jakma