Slashdot Mirror
MIT Launching Kerberos Consortium
alphadogg writes to tell us that next week MIT will be throwing a 20th birthday party for their Kerberos authentication system. In celebration of this milestone they will also be launching a new consortium dedicated to preserving and evolving this standard for years to come. "Kerberos, originally created for MIT's Project Athena, is used mainly by enterprises and MIT's goal is to see the IETF security standard develop into a universal system for single sign-on. [...] 'Kerberos has.... become successful beyond MIT's internal capacity to respond to the world's demands for development, testing and support. So we need a new organizational structure that can accommodate the demand.'"
For the first time, Kerberos will have an official home, supported by MIT and other Consortium members. This is a good thing no matter how you look at it.
This game will waste your life. Don't clicky!
With MS embedding thier version of Kerberos into their OS's it's fairly certain they will try to influence the direction of this in thier favor. Just something to watch out for.
Long ago, people were all upset when Microsoft did the ole embrace and extend thing with Kerberos. I haven't heard much about that for years. Has it been a problem for anyone? Will the Kerberos consortium take whatever Microsoft did into account so as not to break what other people have done to work with and around Microsoft?
MS and the MIT Kerberos crowd get along just fine. I believe the things MS did are generally thought of as good. Some are starting to make it into the Kerberos distros (e.g. I think Heimdal has support for constrained delegation). The PAC business was a little overblown. The Samba guys were able to figure out how to sign the PAC from the doc MS provided and with some carefull network analysis. Of course the Samba guys are not happy overall. I don't know if they have a problem with their Kerberos code but other modes of communication and the semantics to go with are not adequately documented.