On Wed, Jun 12, 2002 at 10:25:42AM +0100, David Lee wrote: > But the Windows/PC folk were worried (and I think I share this) about the > ability of AD to interwork (be implemented by?) third party LDAP/Kerberos. > In *theory*, AD is supposed to be compliant with LDAP and Kerberos, isn't > it? But we had nagging doubts about the Microsoft *reality* of this, and > were very concerned that we could end up spending vast amounts of time, > energy and worry, including user frustration etc., chasing the "well it > depends what you mean by compliant" grey areas. (Yes, we been sucked into > the pragmatic realities of selling our soul to Seattle.)
As far as that's concerned, Microsoft does implement Kerberos authentication and cross-realm trust relationships in a manner compatible with the RFCs and interoperable with pre-existing KRB5 implementations. It's only the manner in which AD member servers acquire group membership information about users that has presented a snag for Unix interop. > Am I digressing from Samba here? At first sight, yes. But we'll need > Samba to interoperate with this Inasmuch as I consider samba-technical a forum for discussion of cutting-edge Windows-Unix integration issues, it doesn't seem offtopic to me. :) Steve Langasek postmodern programmer
msg04068/pgp00000.pgp
Description: PGP signature