Kerberos Rant

Marcus Watts mdw at umich.edu
Wed Apr 7 05:00:07 EDT 2010


...
> My complaint is the Kerberos project is all about a security protocol. One
> which can be used to replace the standard user authentication system of the
> OS. Now it doesn't matter how Unix-friendly a company is; at some point in
> time they will want/need to connect a Windows machine to their network (for
> argument's sake, say the boss's new girlfriend has a Windows laptop) and
> risk assessors will think of scenarios like this before using a technology.
> If you can't cater for Windows' vast market share; you are no longer a
> viable option!!
...

What?  The folks on this mailing list do not all work at one place.
Some of those places have large ms windows infrastructures, and there
is a wide variety of different ways of marrying windows, unix, and other
machines, with varying properties.  Of course, some of us are also in
the happy position of being able to largely ignore ms windows.

If you're talking specifically about MIT kerberos (and not just about the
protocol), um, well, I believe MIT is a private educational institution,
which has slightly different goals than a large commercial corporation.
Your boss's new girlfriend might not fit those goals the way you think.

Perhaps you intended to flame MicroSoft?  For *most* of the people on this
list I venture to say there's little we can do to make your MicroSoft
experience better.  That is because very few of us are in a position to
directly influence the choices MicroSoft makes.  And MicroSoft, being
a commercial company, does make decisions according to its perceived
commercial interests.  One of the choices I found peculiar was their
decision not to backport AES support to XP and older versions of windows.
Presumably they don't see why their customers shouldn't just rush out and
upgrade to Vista.  I'm sure they'll feel mostly comfortable when you say
that the "*Winblows* Server OS" choice is cheaper and easier to deploy.
This might not be what you want them to hear.

				-Marcus Watts


