[KLUG Advocacy] M$ released the PAC?

[Justin Buist]

I've never actually seen Kerebos single-sign-on implemented, as I've been
employeed at very small companies in the past.  Where I'm currently at is a 
totally different situation though and I've now got to remember:

a) My Novell signon password.
b) My Exchange e-mail password.
c) My Lotus Notes password
d) A -slew- of usernames/passwords to VNC/PCAnywhre/Terminal Services into 
various development machines.

With Kerebos being available, and now part of AD, I don't see any reason why
this has to exist.  Sure, it could have existed in the past, but with MS
adopting and extending it now, why haven't I seen it implemented here yet?
Has -anybody- seen Kerebos implemented properly at all?  If you have, has it
been the MS version of it?  

The only reason I can gather (and I didn't follow the link) that MS might
finally publish this restriction free is because it's been so slowly adopted.
For as much stink as the Kerebos extensions got I would have thought it's
implementation would be wide-spread, but that doesn't seem to be the case.

Have I just been working in sheltered environments, or is there real worth
to actually being able to communicate the MS-Kerebos standard?

I'm very interested in hearing other's experiences on the matter.

Thank you,

Justin Buist



On Fri, Jan 17, 2003 at 10:24:21AM -0500, Adam Tauno Williams wrote:
> Is the URL below what I think it is?
> 
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnkerb/protocol/windows_2000_authorization_data_in_kerberos_tickets.asp
> 
> M$ released, minus the stupid click-EULA, documentation for their proprietary
> Kerberos PAC?  I must have been stoned, and miss this - and I didn't get invited
> to the party.