[KLUG Advocacy] M$ released the PAC?
Justin Buist
advocacy@kalamazoolinux.org
Fri, 17 Jan 2003 23:06:24 -0500
I've never actually seen Kerebos single-sign-on implemented, as I've been
employeed at very small companies in the past. Where I'm currently at is a
totally different situation though and I've now got to remember:
a) My Novell signon password.
b) My Exchange e-mail password.
c) My Lotus Notes password
d) A -slew- of usernames/passwords to VNC/PCAnywhre/Terminal Services into
various development machines.
With Kerebos being available, and now part of AD, I don't see any reason why
this has to exist. Sure, it could have existed in the past, but with MS
adopting and extending it now, why haven't I seen it implemented here yet?
Has -anybody- seen Kerebos implemented properly at all? If you have, has it
been the MS version of it?
The only reason I can gather (and I didn't follow the link) that MS might
finally publish this restriction free is because it's been so slowly adopted.
For as much stink as the Kerebos extensions got I would have thought it's
implementation would be wide-spread, but that doesn't seem to be the case.
Have I just been working in sheltered environments, or is there real worth
to actually being able to communicate the MS-Kerebos standard?
I'm very interested in hearing other's experiences on the matter.
Thank you,
Justin Buist
On Fri, Jan 17, 2003 at 10:24:21AM -0500, Adam Tauno Williams wrote:
> Is the URL below what I think it is?
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnkerb/protocol/windows_2000_authorization_data_in_kerberos_tickets.asp
>
> M$ released, minus the stupid click-EULA, documentation for their proprietary
> Kerberos PAC? I must have been stoned, and miss this - and I didn't get invited
> to the party.