Hi linuxers,

This is a paragraph from the latest issue of Network Magazine (international edition):

<quote>
Microsoft added its own proprietary authorization data - the list of Security IDs (SIDs) that are associated with an authenticated user within each ticket - to tickets within its implementation of Kerberos 5. Kerberos uses principals, or structured names, for authorization, but left room in RFC1510 for vendor-based extensions, such as the one Microsoft designed. While this extension is not terribly useful on Unix systems participating in a domain, Microsoft's refusal to share the details of the extensions means that mixed Kerberos domains must use a Windows 2000 DC, instead of a Unix KDC that an organization might prefer. Microsoft's secret extensions are the second reason Microsoft chose to use an open source security protocol.
</quote>

Here is the link to the full article: http://www.networkmagazine.com/article/printableArticle?doc_id=NMG20021104S0007
What worries me is that, as in the case above, M$ badmouths open source/free software and uses it when it is to their advantage. As in the case above, the open source concept weakens the free software philosophy.
Also, another point which struck me in the above paragraph was that M$/proprietary vendors can use open source to their advantage by developing their extensions and using open source code in their applications. GPL (copylefting) takes care of this by requiring extensions/modifications to be turned back into the community. Open source has none of these "restrictions" (the programmer himself has chosen to use open source code so, actually, they are not restrictions). What M$ managed to do is that people having mixed Kerberos domains (which is usually the case in corporates/large organisations) "are forced" to use a Windows KDC, which is wrong. Also, if there are some security flaws, one cannot fix them, leaving the Windows KDC open to attacks.
************** Vinayak Hegde APGDST Student NCST-Juhu **************
On Mon, 25 Nov 2002 23:40:59 -0700 vinayak_hegde@softhome.net wrote:
> Microsoft added its own proprietary authorization data - the list of Security IDs (SIDs) that are associated with an authenticated user within each ticket - to tickets within its
[snip]
This is something MS has been doing for years. It even has a fancy term: "Embrace and Extend".
> the details of the extensions means that mixed Kerberos domains must use a Windows 2000 DC, instead of a Unix KDC that an
Right. One of the major reasons why businesses are considering switching away from MS platform is that it lacks interoperability.
> that M$/proprietary vendors can use open source to their advantage by developing their extensions and using open source code in their applications. GPL (copylefting) takes care of this by requiring extensions/modifications to be turned back into the community. Open source has none of these "restrictions" (the programmer himself has chosen to use open source code so,
There's a difference between open source and open standards. Kerberos is a standard and it doesn't have any source code. All it comprises are specifications. A particular *implementation* of Kerberos may be open source or closed source.
There seems to be a little misunderstanding about Free Software and Open Source in your statements. GPL'ed software is also Open Source. Please check: http://www.gnu.org/philosophy/categories.html
IMHO, there should be a parallel of Free Software in standards also, wherein, it is required that anyone who extends a standard and uses it to communicate with 3rd parties must publish the full specification of the extensions.
Tahir Hashmi writes:
> There seems to be a little misunderstanding about Free Software and Open Source in your statements. GPL'ed software is also Open Source.
I agree Open Source is a superset of free software. But it does weaken the philosophy of free software. Many non-GPL licenses (which are open source licenses) do not require you to submit changes back to the community (which led to the M$ FUD that GPL is viral).
> IMHO, there should be a parallel of Free Software in standards also, wherein, it is required that anyone who extends a standard and uses it to communicate with 3rd parties must publish the full specification of the extensions.
Yes, that should be the case. But that isn't the case so many times.
************** Vinayak Hegde APGDST Student NCST-Juhu **************