[cups.general] Strange kerberos problem [solved]
Brandon S. Allbery KF8NH
allbery at ece.cmu.edu
Tue Jan 29 14:27:11 PST 2008
On Jan 29, 2008, at 17:17 , John Hodrien wrote:
> On Tue, 29 Jan 2008, Michael Sweet wrote:
>
>> Um, I'm pretty sure that standard MIT Kerberos + LDAP provides
>> groups, without bloating credentials. Anyways, I've updated the
>> code to support credentials up to 64k in size.
>
> MS were criticised by MIT for not using mechanisms already used (like DCE)
> when they introduced their PAC stuff. Makes me think they weren't being
> complete loons.

The specific complaint there was that Microsoft interpreted the RFC's
definition of the private use area more liberally than MIT intended
(the RFC being an after-the-fact codification of what MIT Kerberos V
implemented). In other words, the complaint was not that they used
it, nor about the content, but about the mechanics of how they used it.

Oh, I should also mention that Microsoft has reason for larger group
information: Unix groups are binary member-or-not, whereas Windows
groups are true ACLs. They're not really comparable.

--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery at kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH