On Feb 6, 2008 9:07 AM, Lars Noodin <[EMAIL PROTECTED]> wrote: > bofh wrote: > > > http://msdn2.microsoft.com/en-us/library/ms818754.aspx > > Read the page topic and search for the word "PAC " > > Several links in it appears to confirm that a broken version of Kerberos > is still used: > > "The Kerberos Authentication Group Membership > Extensions extend the Kerberos Authentication > Network Service (version 5) specification..." > > Extend == not a standard anymore. > > Yes a client can be hacked, and many appear to be, to accommodate a > non-standard protocol. But at the end of the day it's still not a > standard.
RFC 2822 extends RFC 822. RFC 822 extends RFC 821. What's your point? The kerberos working team has already accepted it. Additionally, that field was *DESIGNED* to be extended - it was labelled "UNUSED" for gods sake. http://it.slashdot.org/article.pl?sid=07/09/17/2050215&from=rss and search for "pac " Microsoft has done a whole lot of shitty things. Even tried to embrace and extend kerberos. But as I mentioned in my *original* email, they got roundly smacked for it, and decided to release the information. So, put that FUD pipe down please. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk "This officer's men seem to follow him merely out of idle curiosity." -- Sandhurst officer cadet evaluation. "Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted." -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related