Microsoft, others target Kerberos interoperability
Enterprise customers hoping to build interoperability between Windows 2000 and their established Kerberos installations are finally beginning to get some help.
Microsoft and other security vendors, such as CyberSafe, are starting to develop technology that could establish interoperability between standard implementations of Kerberos Version 5 in Win 2000 and Unix-based implementations of the authentication protocol. That interoperability could let enterprise customers build large-scale cross-platform Kerberos infrastructures.
Kerberos is a standard security mechanism that makes users prove who they are before they can gain access to network resources. Microsoft is supporting the protocol for the first time in Win 2000, but there have been questions about its interoperability with other Kerberos environments, especially those running on different platforms.
"What we're talking about are interoperable security credentials," says Chris Christiansen, an analyst with International Data Corp., a market research firm in Framingham, Mass. "You need to create a bridge to support a heterogeneous environment, and that's something Microsoft doesn't do."
A plan in place
Microsoft and CyberSafe have set out to address that problem. The two are working together to prove that CyberSafe's ActiveTrust software can establish a connection, or trust, between Win 2000 and other Kerberos environments. The trust would allow Windows clients to authenticate to non-Windows servers and non-Windows clients to authenticate to Windows servers.
In addition, ActiveTrust will support a number of clients, including Windows 95 and 98, that cannot otherwise use Kerberos in Win 2000.
The software also has a password synchronization feature administrators can use to create a single sign-on.
While Microsoft and CyberSafe are preaching interoperability, the pair have yet to announce a formal partnership.
Others tackle the problem
But they are not the only companies attacking the issue. Gradient Technologies plans to build interoperability extensions between its NetCrusader DCE Security Server and Win 2000 later this year.
Gradient is likely to focus on solving authorization interoperability in addition to authentication because its authorization mechanism within Kerberos is different from Microsoft's.
Gradient would not provide details, but said it would make an announcement a few months after Win 2000 ships Feb. 17, according to Rick Irving, director of the secure server group.
"There is some work to be done in order to allow users to log in to DCE and get access to Microsoft resources," he says.
Gradient and Microsoft use an authorization extension in the Kerberos standard, called the Auth Data field, in a way that is not interoperable.
Gradient, however, uses a publicly available data format in the Auth Data field and Microsoft does not. Last week, Microsoft again said it is finalizing efforts to publish its format. Once the format is public, other vendors can use it to support authorization to Microsoft resources.
Some work completed
However, Microsoft has finalized its work with CyberSafe. The two used CyberSafe's ActiveTrust software to create trust relationships between Unix and Win 2000 Kerberos for financial firm Morgan Stanley Dean Witter.
While Dean Witter officials acknowledge they are able to authenticate users between their Unix and Win 2000 environments, enterprise customers are still likely to find interoperability a challenge.
"Wall Street-type companies have done this sort of interoperability but typically under controlled conditions," says John Pescatore, an analyst with Gartner Group. "What may look easy to Dean Witter may not look so easy to others, especially smaller companies."
Enterprise customers are likely to get more interoperability help once Win 2000 ships. Microsoft is rumored to be testing interoperability with others, including Dascom, which was recently bought by IBM, and the Massachusetts Institute of Technology, which developed the Kerberos Version 5 specification.
