SASL/GSSAPI bind in LDAP plugin?

greg@enjellic.com greg at enjellic.com
Sat Feb 25 10:46:02 EST 2006


On Feb 24,  6:38pm, Russ Allbery wrote:
} Subject: Re: SASL/GSSAPI bind in LDAP plugin?

> greg <greg at enjellic.com> writes:
> > On Feb 24,  9:48am, "Henry B. Hotz" wrote:
> 
> >> Even people who understand the issue may not have the charter to
> >> address it, because they are only responsible for the one, narrowly
> >> defined, end capability.

> > The Open-Source/Open-Architecture community has had the charter to
> > address the problem but unfortunately abdicated its responsibility.

> I'm not sure that I actually want to ask this, but... what the heck are
> you talking about?  I'm completely mystified.

No vitriol, just observations... :-)

IAA is the fundamental tenet of modern information delivery
architectures.  Whatever/whoever is the gatekeeper of that process is
ultimately in a position to control the whole delivery stack.

Kerberos was a brilliant piece of engineering.  Well ahead of its time
with respect to an understanding of what would be critical for highly
mobile users in a non host-centric authentication model.

It has been readily apparent since the late 1990's that it was only
one piece of the puzzle.  As Henry so aptly noted, the concept of
authorization was the larger and in some ways more practically
important piece of the puzzle.

The open-architecture community never developed a holistic view of
IAA.  Authentication and authorization needed to be architecturally
wedded but this never occurred until Microsoft stepped in and filled
the void.  That effectively ceded the most critical element of modern
information delivery architectures to proprietary control.

The Open-Source community responded in typical fashion by moving to
create a functional clone of the AD model.  Great and inspired
engineering which ultimately indemnifies the position of the pundits
that OSS replicates rather than innovates.

History has consistently demonstrated the folly of attempting to
compete on a chessboard where someone else can move the pieces at
will.  Unlike WINE, the field of IAA won't tolerate a 95% solution.

> Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

IMHO of course.

Now I'm off to push snow.

Best wishes for a pleasant weekend to everyone listening.

Greg

}-- End of excerpt from Russ Allbery

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-1686
FAX: 701-281-3949           EMAIL: greg at enjellic.com
------------------------------------------------------------------------------
"Follow the path of the unsafe, independent thinker. Expose your ideas
to the dangers of controversy. Speak your mind, and fear less the label
of `crackpot' than the stigma of conformity. And on issues that seem
important to you, stand up and be counted at any cost."
                                -- Thomas J. Watson, founder of IBM


