decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.


To read comments to this article, go here
MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Monday, January 19 2004 @ 09:13 AM EST

It's free. No doubt you've heard Microsoft is offering Services for Unix free. Now you can use 90% of your Linux applications on Windows. Your dreams are coming true. 90%. So quit switching to Linux, you guys. They must think we like GNU/Linux software because of the applications.

Um, didn't Uncle Darl preach that giving software away is anticapitalistic? Destroying the economy and all that? I could have sworn he said that. Anyway, Microsoft is doing it.

Again.

Later, they say, Services for Unix could be integrated into Windows, because their license with SCO allows them to do that. Could be. Erm, does 'later' mean after they destroy all Linux competition in the server space, by any chance?

And guess who they are partnering with to bring you this product? Vintela. Does the name sound vaguely familiar? Yes, that Vintela, the privately held Canopy Group company. Oh my.

And guess how long they've been holding hands and working together? Two years.

Two years of work to give the end product away. Why, it's positively a threat to the economy. Somebody write your Congressman, quick. This must be stopped before it spreads. Free software, indeed. That's not the American Way.

When you read the "benefits" of this product they worked so hard on, a lot of things fall into place. Your blood pressure won't fall, though, that's for sure. It's positively bone-chilling.

Services for Unix software "helps integrate Unix and Windows and supports migrations of Unix applications to the Microsoft platform", according to Linux Insider. Free sounds perfect to Laura DiDio, when it's Microsoft doing it:

"'Free is a smart strategy,' says Laura DiDio, an analyst with the Yankee Group.

"'Microsoft is trying to make good and trying to make better with its customers. I'm impressed with what they are doing. They have learned from their mistakes and they don't want to repeat the sins of past years.' One of those sins, DiDio says, was changes in the company's software licensing program, which served to alienate users.

"Microsoft also has enhanced integration with Active Directory, which will allows users to manage NIS domains from the Microsoft directory. The integration, along with applications from third-party vendors, will help Microsoft flesh out its emerging identity management strategy. . . .

"One such partner, Vintela, has upgraded its Vintela Authentication Services (VAS) for Services for Unix 3.5. The VAS software runs on Unix servers and workstations and uses Kerberos or LDAP for authentication instead of NIS.

"'Ours is a NIS migration strategy, you don't run NIS on your network any longer,' says Matt Peterson, CTO for Vintela. 'We are the holy grail of identity management. People want integration not synchronization [between Unix and Windows].'

'Microsoft's Oldroyd said Services for Unix would remain a separate product and there are no immediate plans to bundle it or build it into the Windows operating system even though Microsoft has the right to do so under a licensing agreement it signed with The SCO Group last year."

People want integration? What people? I don't want that, thanks. But like it or not, they have a plan. Here's how it works, according to Microsoft's explanation:

"For the last two years, Vintela worked with Microsoft Corporation to create Vintela Authentication Services (VAS), an interoperability product that UNIX and Linux system administrators can use to seamlessly integrate their authentication needs with the user management tools in the Active Directory® directory service. With Microsoft Windows Services for UNIX you can extend Active Directory to store UNIX account information for users and groups, which provides cost savings by reducing the number of management points for user accounts. . .

"VAS provides the ability to recognize UNIX users of Windows Services for UNIX in real time and integrate their UNIX accounts—plus a Kerberos network authentication system and the LDAP protocol—with Active Directory, a central component of the Windows platform. Active Directory implements the Kerberos 5 protocol authentication standard to provide a high level of security. VAS uses Kerberos encryption to help protect sensitive user credentials from being seen 'in the clear' and to extend network and user security to all platforms.

"VAS extends the reach of Active Directory to UNIX and Linux systems, so administrators can centralize their user identity authentication needs within Windows. VAS extends that reach even further with Services for UNIX 3.5. The result is a secure, easy-to-use solution for managing a single user identity natively in Active Directory across a mixed UNIX, Linux, and Windows environment.

"According to Grettenberger, Services for UNIX 3.5, combined with VAS identity management, is a best-of-breed authentication solution for customers who are integrating Windows, UNIX, and Linux environments.

"With a VAS-enhanced user authentication solution, the customer realizes a complete migration to Active Directory while retaining all the advantages of the feature-rich Services for UNIX tools. Combined, VAS 2.2 and Services for UNIX 3.5 solve the migration problem from UNIX Network Information System (NIS) to Active Directory. NIS is a naming and administration system for UNIX networks. . . .

"Using NIS, each host client or server computer in a system has knowledge about the entire system. A user at any host can get access to files or applications on any host in the network with a single user identification and password. With NIS clients, Services for UNIX helps solve interoperability issues between UNIX and Windows with tools such as the Two-way Password Synchronization and Server for NIS components, which reduce system administration time by centralizing network management across UNIX and Windows platforms.

"'Using VAS as the second stage in a migration process is compelling for those who have used Services for UNIX to import user accounts to Active Directory and wish to migrate from NIS-based identity management,' says Grettenberger. 'Together, the Vintela and Microsoft products securely bridge the gaps that prevent network management across UNIX, Linux, and Windows-based computers. VAS and Services for UNIX offer an interoperability solution in which access control is determined by enterprise policies instead of by platform. . . .Some enterprise organizations have standardized their business infrastructures on Microsoft products, specifically Windows 2000 Server and Windows Server 2003, Windows XP, and the numerous programs associated with them. . . Therefore, it is only natural that a new centralized authentication and management system would employ Windows Active Directory instead of a UNIX or Linux alternative."

From Linux to Active Directory. Why would anyone want to go that direction? Linux accounts under the thumb of Microsoft. Can I get a second opinion before you schedule this surgery, please? Maybe I'm not looking at it from the DRM perspective, the way Daddy Microsoft would like me to. If I make that mental adjustment and realize what's good for Microsoft is good for me, then I notice the bottom line "benefit":

"Because VAS fully integrates with Kerberos encryption, VAS-enabled UNIX servers become full participants in the Windows-based identity management and authentication infrastructure. Therefore, many Microsoft management and reporting tools automatically become available to UNIX users. All users have logon accounts and passwords in Active Directory so they can securely access critical systems and applications across all platforms, eliminating the need for custom-built password synchronization scripts. Having one directory for identity management—instead of multiple directories or synchronization scripting—reduces costs. . . .

"Consolidating information into the central Active Directory repository means that user account information also can be managed from a central location, across multiple cities, states, or countries. Centralization yields a consistent approach to administration, better compliance with information security, and a standard administrative interface that reduces administrator-training requirements."

So. That's the plan, Stan. Centralization of your passwords and stuff. Under Microsoft's thumb. And watchful eye. With maybe some RIAA and Warner Bros. friends happy if they DRM everyone on Planet Earth even if it means destroying some very important things for the rest of us. Like privacy. And our security. And freedom.

Do they really expect to sell the idea that going to Microsoft from any Unix environment will *increase* security? And putting all your sensitive data in one place. Yes, that'll increase security, for sure. Not. Privacy? Well, a man who reportedly has cameras in his house keeping an eye on his guests wherever they go probably doesn't grok the concept.

In short, Microsoft would like to be your Big Brother. You can pay him later.


  View Printable Version


Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )