On Sat, 2005-03-26 at 04:31, Felipe Alfaro Solana wrote: > On 26 Mar 2005, at 01:09, Craig White wrote: > > > Red Hat doesn't even distribute a Kerberos that really works with AD - > > so a full implementation isn't even possible at the present. > > Windows implementation of Kerberos V is non-standard to the point that > it adds some fields for carrying group information, and uses TCP > instead of UDP transport (although it still supports UDP transport). > Moreover, modifying a cryptoanalyzed protocol like Kerberos V in such a > way doesn't mean automatically that Windows's Kerberos V modified > implementation is also secure. > > Thus, it's not Red Hat's fault. Has Microsoft released the information needed to make an interoperable version? If they haven't, getting it would be an interesting legal battle, given the antitrust settlement that says they have to share the information needed for interoperability (but not necessarily for free...). -- Les Mikesell les@xxxxxxxxxxxxxxxx
