From owner-freebsd-chat  Tue Apr 10  0: 4:16 2001
Delivered-To: freebsd-chat@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
	by hub.freebsd.org (Postfix) with ESMTP id 04BD037B422
	for <chat@FreeBSD.ORG>; Tue, 10 Apr 2001 00:04:13 -0700 (PDT)
	(envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id BAA06461;
	Tue, 10 Apr 2001 01:03:34 -0600 (MDT)
Message-Id: <4.3.2.7.2.20010410005926.00d937b0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Tue, 10 Apr 2001 01:03:29 -0600
To: Terry Lambert <tlambert@primenet.com>
From: Brett Glass <brett@lariat.org>
Subject: Re: Win NT vs UNIX ( cross fire )
Cc: mwm@mired.org (Mike Meyer),
	dchulhan@uwi.tt (Dale Chulhan - Home),
	chat@FreeBSD.ORG (chat@FreeBSD.ORG),
	TheTechies@onelist.com (My List),
	mbug@listbot.com (The Trinidad and Tobago Microsoft BackOffice Users Group)
In-Reply-To: <200104092035.NAA28894@usr08.primenet.com>
References: <4.3.2.7.2.20010407152644.0455d9b0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 02:35 PM 4/9/2001, Terry Lambert wrote:

>Microsoft uses a reserved field for a Microsoft-specific "cookie"
>that mapped into the Windows NT credential space.
>
>The author of Kerberos has come out and stated that they are
>using that field in a way it was not intended to be used.

All true!

>It is possible for your Kerberos client machines to use a
>Windows box as a Kerberos server.
>
>It is _not_ possible, however, to use a UNIX box as a Kerberos
>server for Windows machines, without losing some functionality.

Whenever one uses Windows machines, one loses some 
functionality. ;-)

>Because they don't document how they use the field internally,
>it's also not possible to participate as a doamin controller
>in a Windows 2000 domain, unless you are a Windows box.

I'm sure that this will be reverse-engineered.

Of course, participating in Windows 2000 domains is a bad
idea to begin with, because of security problems.

I counsel my clients to avoid file sharing in general
and Windows file sharing in particular.

--Brett


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message