
Active Directory and DNS/Kerberos/LDAP/PKCS/X.500

2002-10-23 14:49:39
Hello,

I already know that Active Directory can integrate with ISC BIND. In addition, 
I can use ISC DHCP.

However, I would like to ask the following questions about Active Directory 
(I'm not an expert on this):

a) How standards-compliant is Active Directory's LDAP implementation?

b) Are there any proprietary MS directory access protocols used in Active 
Directory? If so, do you have to use them or is everything done via LDAP?

c) I know that the Active Directory schema does not follow the X.500 schema 
strictly. Therefore, what are the deviations?

d) Does Active Directory hook into the undefined field in use in Microsoft's 
implementation of Kerberos? Can I use MIT Kerberos with Active Directory 
instead?

e) What other protocols if any have I missed that I should take a look at?

f) How compliant is Microsoft's Kerberos/PKI implementations with PKCS 
standards? That's another question...

Can someone please point me to some useful information / documentation / 
resources to get definitive answers? Thanks!

Brian B.

"Vernon Schryver" <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com> 10/22/02 
10:40AM >>>
From: "Stephen Sprunk" <ssprunk(_at_)cisco(_dot_)com>

...
OTOH, does anyone have any evidence Microsoft is attempting to
"embrace and extend" at or below the transport layer?  This smells
like a reporter's paranoia.

Microsoft's application protocols (e.g. CIFS aka NetBIOS, Kerberos)
are certainly problematic, but I've heard no complaints about their IP
stack in several years.

Is PPP below transport?  Some of us have memories of fun and games in
the PPP working group, albeit several years old.

Every outfit is vulnerable to the temptation to embrace-and-extend.
Organizations such as Microsoft that are exceptionally provincial and
unable to conceive of the possibility of networks that don't look like a
single, large, well controlled corporate network are particularly
vulnerable.  (Recall the many mechanisms above TCP in Microsoft products
that are almost criminal in the Internet but that might be good ideas
inside the safety of big corporate networks.)

An organization like Microsoft that has formally endorsed the idea and
has a history of embracing-and-extending above transport and in
non-network products cannot be expected to avoid the tactic below
transport should it ever appear profitable, no matter how much it gives
to charities including the ISOC and IETF.

Again, other big organizations (specifically including Cisco) are not
above embracing-and-extending out of ignorance, provincialism, and
failures to bother to do interoperability testing (possible causes of
the Microsoft PPP hassles) if not malice.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com