Hello,

I already know that Active Directory can integrate with ISC BIND. In addition, I can use ISC DHCP. However, I would like to ask the following questions about Active Directory (I'm not an expert on this):

a) How standards-compliant is Active Directory's LDAP implementation?

b) Are there any proprietary MS directory access protocols used in Active Directory? If so, do you have to use them or is everything done via LDAP?

c) I know that the Active Directory schema does not follow the X.500 schema strictly. Therefore, what are the deviations?

d) Does Active Directory hook into the undefined field in use in Microsoft's implementation of Kerberos? Can I use MIT Kerberos with Active Directory instead?

e) What other protocols, if any, have I missed that I should take a look at?

f) How compliant are Microsoft's Kerberos/PKI implementations with PKCS standards? That's another question...

Can someone please point me to some useful information / documentation / resources to get definitive answers?

Thanks!

Brian B.

>>> "Vernon Schryver" <vjs@calcite.rhyolite.com> 10/22/02 10:40AM >>>
> From: "Stephen Sprunk" <ssprunk@cisco.com>

> ...
> OTOH, does anyone have any evidence Microsoft is attempting to
> "embrace and extend" at or below the transport layer? This smells
> like a reporter's paranoia.
>
> Microsoft's application protocols (e.g. CIFS aka NetBIOS, Kerberos)
> are certainly problematic, but I've heard no complaints about their IP
> stack in several years.

Is PPP below transport? Some of us have memories of fun and games in the PPP working group, albeit several years old.

Every outfit is vulnerable to the temptation to embrace-and-extend. Organizations such as Microsoft that are exceptionally provincial and unable to conceive of the possibility of networks that don't look like a single, large, well controlled corporate network are particularly vulnerable. (Recall the many mechanisms above TCP in Microsoft products that are almost criminal in the Internet but that might be good ideas inside the safety of big corporate networks.) An organization like Microsoft that has formally endorsed the idea and has a history of embracing-and-extending above transport and in non-network products cannot be expected to avoid the tactic below transport should it ever appear profitable, no matter how much it gives to charities including the ISOC and IETF.

Again, other big organizations (specifically including Cisco) are not above embracing-and-extending out of ignorance, provincialism, and failures to bother to do interoperability testing (possible causes of the Microsoft PPP hassles) if not malice.

Vernon Schryver    vjs@rhyolite.com