[Gllug] More Microsoft FUD
Alex Hudson
home at alexhudson.com
Wed Nov 7 20:06:07 UTC 2001
On Wednesday 07 November 2001 4:54 pm, you wrote:
> Did anybody else notice the Kerberos excerpt:
>
> "Windows 2000 supports Kerberos security, which provides a state-of-the-art
> user authentication. It is widely accepted that Microsoft has the current
> reference implementation of Kerberos in Windows 2000."
>
> "Kerberos can be installed on Linux, but only as an extra feature., and the
> fact that Kerberos is not a standard feature in Linux leads to
> versioning problems.
Actually, I have to agree with MS about that - Linux support for Kerberos is
woeful. MS Kerberos is also better than the 'standard', and I wish that they
had submitted their extension as a real extension rather than just
proprietizing it. RedHat comes pretty close to decent Kerberos support, but
setting up a Linux Kerberos domain is _damn_ _tough_.
I think Linux security in general needs to grow up fast; in the 70s it
probably looked quite cool, but is way dated now. Particularly NSA-type
enhancements, ACLs, and support for objects bigger than 'this computer'
(i.e., built in Kerberos domain support for example). Even NT 4 was more
advanced than Linux :(
> By contrast, all OS and security patches are
> immediately posted to the Microsoft Website-much better than Linux-, which
> would require having to get the fixes from any number of vendors who are
> providing the various pieces of a Linux deployment".
Again, they have something of a point if you roll your own. However - this is
a far weaker argument than their previous one, since most people get their
'Linux' from one vendor (RedHat, SuSE) and only need to go to one place.
Generally, people get their apps from the same vendor too, so in some ways
the Linux way is better than the MS way.
Cheers,
Alex.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list