[CentOS] Re: Fix passwd/shadow/group files? -- network architecture is always piecemeal

Sun Jul 17 15:16:10 UTC 2005
Feizhou <feizhou at graffiti.net>

Bryan J. Smith wrote:

>On Sun, 2005-07-17 at 09:54 -0500, Bryan J. Smith wrote:
>  
>
>>At this point, you're hopelessly lost.  I can keep talking about it, but
>>you won't get it until you have some "technical background."
>>    
>>
>
>I hope you don't take that as an insult (I know you will though).
>You didn't know what a KDC is, so you aren't familiar with how ADS
>works, which is a _core_component_ to Samba 3.0's functionality.
>  
>
I know what a Kerberos authentication system is. You mean a core 
component in Samba 3.0's functionality as an ADS client.

>Microsoft is the "king of buy/reuse/non-development," and ADS is little
>more than the NT SAM stored with LDAP, with a sprawling amount of
>(poorly designed IMHO) schema with MS-centric Kerberos for
>authentication.  Microsoft was under contractual obligation with MIT to
>disclose their Kerberos modifications, and even then they sat on it for
>2 years, but that it is now well documented and other interfaces reverse
>engineered from it.  The kicker is the sprawling MS LDAP schema, and the
>interfaces used on the Windows side -- that's a "moving target" reverse
>engineering issue that will probably _never_ be fully supported.
>
>  
>
Now that is news to me.

>Now I'm going to take the rest of the day and enjoy my wife, hence why I
>won't follow-up on any more questions.  If anyone needs me for further
>discussion that is clearly getting "OT" for this list, you can contact
>me off-list or, better yet, hire me as an independent architect for your
>organization.  ;->
>
>
>  
>
:)