On 26 Mar 2005, at 01:09, Craig White wrote:
Red Hat doesn't even distribute a Kerberos that really works with AD - so a full implementation isn't even possible at the present.
Windows implementation of Kerberos V is non-standard to the point that it adds some fields for carrying group information, and uses TCP instead of UDP transport (although it still supports UDP transport). Moreover, modifying a cryptoanalyzed protocol like Kerberos V in such a way doesn't mean automatically that Windows's Kerberos V modified implementation is also secure.
Thus, it's not Red Hat's fault.
