OK, apparently FUD work BOTH ways. Microsoft did not make changes to Kerberos without consulting the Kerberos group. Quite to the contrary, M$ DID make changes to their original implementation based on feedback from the leadership of the Kerberos project. The full text of the letter from Clifford Neuman can be found at http://www.counterpane.com/crypto-gram-0004.html#CommentsfromReaders Clifford Neuman is the group leader for "Global Operating Systems Technology Group", the current maintainers of the Kerberos standard. http://www.isi.edu/gost/gost-group/ Specifically, the following excerpt from Clifford's letter applies: "There is not currently a standard for representing group information in the authorization data field of Kerberos tickets, so I can't fault Microsoft for developing their own. As part of the design and release of the authorization components of Win2K, they registered identifiers for their authorization data elements, and discussed the high level architectural issues of their use with myself and others in the Kerberos community. This is highlighted by the fact that their early design called for an interpretation of the authorization data field that was inconsistent with its defined use and intent. After discussion (and before they implemented), we worked out an extension that 1) preserved the original intent, 2) significantly improved the usability of the authorization data field for authorization by anybody, not just Microsoft, and 3) is specified in the current Internet draft revising the Kerberos specification." Please leave the FUD-slinging to Microsoft. Linux does not benefit from disinformation no matter who is providing it. Michael J. Sheldon Internet Applications Developer Phone: 480.699.1084 http://www.desertraven.com/ PGP Key Available on Request