Why no UNIX -> NT or vice versa

From: ca...@insync.net (CAZZI) (CAZZI)
Subject: Why no UNIX -> NT or vice versa
Date: 1996/05/26
Message-ID: <4o89k9$j0l@synthemesc.insync.net>#1/1
X-Deja-AN: 156755376
organization: IMAGES! VP
newsgroups: comp.os.ms-windows.nt.admin.networking

I can see other NT and Workstation system plus the Novell boxes .. but I 
cannot see any Unix systems ... what a farsighted concept. Am I missing 
something abiout Unix boxes easily playing in the NT arena? Why hasn't 
MS made some type of "browse" capability between the NT and Unix systems 
.. will DCE save the day for us? Samba is not a soution in the 
commercial world.

Any thoughts on this "feature" - lack of Unix connectivity.

Should I believe that C2 security has thwarted the development of such 
connecticvity? What might this do to Kerberos apps?

Jacques

From: john...@cs.cmu.edu (John L. Miller)
Subject: Re: Why no UNIX -> NT or vice versa
Date: 1996/05/26
Message-ID: <4o9npj$hl4@cantaloupe.srv.cs.cmu.edu>#1/1
X-Deja-AN: 156817487
references: <4o89k9$j0l@synthemesc.insync.net>
organization: Justsystem Pittsburgh Research Center
reply-to: john...@cs.cmu.edu
newsgroups: comp.os.ms-windows.nt.admin.networking

Hi Jacques - 

ca...@insync.net (CAZZI) (CAZZI) wrote:

|I can see other NT and Workstation system plus the Novell boxes .. but I 
|cannot see any Unix systems ... what a farsighted concept. Am I missing 
|something abiout Unix boxes easily playing in the NT arena? Why hasn't 
|MS made some type of "browse" capability between the NT and Unix systems 
|.. will DCE save the day for us? Samba is not a soution in the 
|commercial world.

Actually, Samba is an adequate solution in the commercial world. Another
possibility is NFS, for which several commercial clients and servers exist for
NT. DCE isn't even out yet, is it? 

Perhaps the reason there is no built-in connectivity from NT to unix is
because there's no built-in connectivity in unix period. The add-in packages
you can get for unix are typically available for NT from ISP's, and it's not
at all clear that Microsoft should infringe on said ISP's markets by building
in specialized connectivity as such. Not that they shouldn't, but since the
market is small, and ISP's are already filling it...

|Should I believe that C2 security has thwarted the development of such 
|connecticvity? What might this do to Kerberos apps?

Hardly. More likely, the lack of parties interested enough in doing
development for such connectivity has thwarted it, if indeed anything has.
And though I use kerberos myself, I'm not aware of more than a handful of
kerberized applications available, which would hardly make not supporting it a
cardinal sin. NT will support kerberos V though, if I understand correctly.
And you or any other enterprising developer can always create a drop-in
security module to replace the native authentication in NT with kerberos or
anything else that meets your needs.

john

From: jer...@netcom.com (Jeremy Allison)
Subject: Re: Why no UNIX -> NT or vice versa
Date: 1996/06/06
Message-ID: <jeremyDsLDIx.HHn@netcom.com>#1/1
X-Deja-AN: 158891937
sender: jer...@netcom13.netcom.com
references: <4o89k9$j0l@synthemesc.insync.net> <4o9npj$hl4@cantaloupe.srv.cs.cmu.edu>
organization: NETCOM On-line Communication Services (408 261-4700 guest)
newsgroups: comp.os.ms-windows.nt.admin.networking

john...@cs.cmu.edu (John L. Miller) writes:

>Hardly. More likely, the lack of parties interested enough in doing
>development for such connectivity has thwarted it, if indeed anything has.
>And though I use kerberos myself, I'm not aware of more than a handful of
>kerberized applications available, which would hardly make not supporting it a
>cardinal sin. NT will support kerberos V though, if I understand correctly.
>And you or any other enterprising developer can always create a drop-in
>security module to replace the native authentication in NT with kerberos or
>anything else that meets your needs.

>john

I'm sorry to disagree with this violently, but this is not true.
It is correct that NT is perfectly capable of using a drop in
authentication module to allow it use authenticate with NIS or
kerboros, what is not available is the documentation from Microsoft
to allow this to happen.

I know as I have the ONC RPC libraries ported to NT and also the knowlege
to write a replacement NIS authentication module for NT. I started to do
this - then ran into the problem that all the required API calls
(you need to write a DLL that implements a set of authentication
calls) are *NOT DOCUMENTED* (Sorry to shout but this *really* bugs
me). I contacted Microsoft and was informed that unless I sign a
non-disclosure agreement I cannot have this documentation.

As the NT/NIS authentication was a freeware project of mine (I 
wanted to release it under the GPL) I couldn't sign the non-disclosure 
- I needed to be able to release the source.

The GINA documentation is fine as far as it goes, but does not allow
full replacement of the authentication mechanism (any user changing
passwords with a 'net use' command from a remote machine will not 
be seen by the GINA library).

Not releasing this information has the side effect that it causes
companies to have to replace UNIX systems with NT or live with two
separate password databases - not a bad effect as far as Microsoft
is concerned, but it makes everyone who wants to integrate NT and
UNIX (and that's a lot of people - look at the Samba survey pages
for a list) suffer.

Sorry for the rant, but being able to write this code would
improve my life by a large amount !

Regards,

	Jeremy Allison,
	j...@vantive.com