undefined | Better HN

0 points0x011y ago0 comments

Sure there is. Add an ActiveDirectory specific auth type to the protocol and watch all non-windows clients fail to log in :)

0 comments

5 comments · 1 top-level

mhurron11y ago· 4 in thread

Just like they killed ldap and kerberos so non-MS OS's couldn't use AD. Oh wait ...

In fact, what has MS actually extinguiushed?

pgeorgi11y ago

The kerberos described in http://web.archive.org/web/20140222133423/http://www.network...?

sudioStudio6411y ago

That was from 2000. Since then they have released all of their protocols as open spec documents.

https://msdn.microsoft.com/en-us/openspecifications/default

Their kerberos implementation works with heimdal and mit. They used an optinal field to include group membership data so that authorization decisions could be made from the contents of the ticket.

https://msdn.microsoft.com/en-us/library/gg604662.aspx

I'm just saying. Times have changed. Will they ever be as open as an open source project run by volunteers? No. Have they dramatically improved their position in response to the very real criticisms of their past behavior. Yes.

1 more reply

mhurron11y ago

The kerberos that I authenticate Linux and Solaris boxes against Active Directory with every day.

1 more reply

dec0dedab0de11y ago

They tried to extinguish the web, and failed. That is enough to not trust them for a long while still.

j / k navigate · click thread line to collapse

0 comments

5 comments · 1 top-level

mhurron11y ago· 4 in thread

Just like they killed ldap and kerberos so non-MS OS's couldn't use AD. Oh wait ...

In fact, what has MS actually extinguiushed?

pgeorgi11y ago

The kerberos described in http://web.archive.org/web/20140222133423/http://www.network...?

sudioStudio6411y ago

That was from 2000. Since then they have released all of their protocols as open spec documents.

https://msdn.microsoft.com/en-us/openspecifications/default

Their kerberos implementation works with heimdal and mit. They used an optinal field to include group membership data so that authorization decisions could be made from the contents of the ticket.

https://msdn.microsoft.com/en-us/library/gg604662.aspx

I'm just saying. Times have changed. Will they ever be as open as an open source project run by volunteers? No. Have they dramatically improved their position in response to the very real criticisms of their past behavior. Yes.

1 more reply

mhurron11y ago

The kerberos that I authenticate Linux and Solaris boxes against Active Directory with every day.

1 more reply

dec0dedab0de11y ago

They tried to extinguish the web, and failed. That is enough to not trust them for a long while still.

j / k navigate · click thread line to collapse