On Thursday 29 April 2004 02:49, Guy Teverovsky wrote:
> On Thu, 2004-04-29 at 01:08, Oron Peled wrote:
> > On Thursday 29 April 2004 01:00, Yonah Russ wrote:
> > > Active directories is very heavy on kerberos- it's theoretically
> > > possible to use the same kerberos for both the active directory and
> > > linux- I've read you can even convince active directories to use a
> > > linux kerberos server.
> >
> > I would be very cautios about this. Take a look at:
> > http://www.usenix.org/publications/login/1997-11/embraces.html
>
> The only difference is that the "application-specific data" field in
> Kerberos ticket contains SIDs (security identifiers) of the groups the
> user is member of.
> the "application-specific" field in Kerberos
> ticket) has been published long ago:
> http://www.microsoft.com/Downloads/details.aspx?displaylang=en&FamilyID=BF6
>1D972-5086-49FB-A79C-53A5FD27A092 (link may wrap)
"Published" is a nice little term, isn't it ? well, you can download it but
its an executable (so you need windows or look-a-like to open) which forces
you to agree to an EULA before you can get anything. here are a couple of
choice passages:
"Microsoft grants to you ... for the sole purpose of reviewing the
Specification for security analysis ... the Specification is provided to you
solely for your informational purposes ... Microsoft does not grant you any
right to implement this Specification."
"The Specification is confidential information and a trade secret of
Microsoft. Therefore, you may not disclose the Specification to anyone else"
Its a funny definition of "published", not one that I ever seen before - even
RIAA is more lenient in its terms ;-)
--
Oded
::..
The end move in politics is always to pick up a gun.
-- Buckminster Fuller
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
