Brett Lymn wrote:
... I have used squid
integrated with Active Directory authentication using purely open
source tools (samba winbindd, MIT kerberos 5, openldap) for _years_.
It works - no ifs no buts, it just goes.
I have not contested that. Anything can be hacked together with enough
skill and effort. Samba is an example. Fine. But in the situation you
describe above there, at the end of the day you still have to have
weakened your network with the presence of MS Windows if it is needed
for AD. And keep in mind we are talking about (open) standards and not
(open) source code.
So, regarding these claims of interoperability, can you put
LDAP+Kerberos+DNS services on an OpenBSD in a network of Windows clients
and remove the need for any other machines running AD?
If yes, then you are correct and AD is standards compliant and a lot of
effort can be saved by building OpenBSD/LDAP+Kerberos+DNS systems.
If not, then these claims of interoperability are baloney (en_AU) and
just marketeers feeding the chooks.
... You are throwing up 8-year-old articles
describing problems with operating systems that are now obsolete. As
others have pointed out, what you are pointing at are non-issues and
MS has followed the RFCs.
Those are the most recent ones addressing interoperability.
If there are more recent ones then show them. And no, the link to
slashdot is just that, a link to some comments on slashdot.
What I am saying is that without careful planning, injudicious use of
the patch leads to further entrenchment of an unsound service and the
unsound system in which it is embedded rather than as a transition to a
more stable, secure and maintainable infrastructure.
Ah - you actually failed to answer that bit from my initial message.
Pose the question again. You are, among other things, unclear.
Regards,
-Lars