On Thursday 29 April 2004 02:49, Guy Teverovsky wrote: > On Thu, 2004-04-29 at 01:08, Oron Peled wrote: > > On Thursday 29 April 2004 01:00, Yonah Russ wrote: > > > Active directories is very heavy on kerberos- it's theoretically > > > possible to use the same kerberos for both the active directory and > > > linux- I've read you can even convince active directories to use a > > > linux kerberos server. > > > > I would be very cautios about this. Take a look at: > > http://www.usenix.org/publications/login/1997-11/embraces.html > > The only difference is that the "application-specific data" field in > Kerberos ticket contains SIDs (security identifiers) of the groups the > user is member of. > the "application-specific" field in Kerberos > ticket) has been published long ago: > http://www.microsoft.com/Downloads/details.aspx?displaylang=en&FamilyID=BF6 >1D972-5086-49FB-A79C-53A5FD27A092 (link may wrap)
"Published" is a nice little term, isn't it ? well, you can download it but its an executable (so you need windows or look-a-like to open) which forces you to agree to an EULA before you can get anything. here are a couple of choice passages: "Microsoft grants to you ... for the sole purpose of reviewing the Specification for security analysis ... the Specification is provided to you solely for your informational purposes ... Microsoft does not grant you any right to implement this Specification." "The Specification is confidential information and a trade secret of Microsoft. Therefore, you may not disclose the Specification to anyone else" Its a funny definition of "published", not one that I ever seen before - even RIAA is more lenient in its terms ;-) -- Oded ::.. The end move in politics is always to pick up a gun. -- Buckminster Fuller ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]