back to article Got $600 for every Win Server 2003 box you're running? Uh-oh

Microsoft is officially charging customers at least $600 per server to safely run Windows Server 2003 after its July 14 support cut-off date. The number has come to light from Microsoft licensing expert Paul DeGroot of Pica Communications, who told The Reg he knows customers who’ve been quoted this figure. The price is for …

Page:

  1. Ashton Black

    Over a barrel.

    Now.... bend over. A nice little earner for Microsoft.

    1. Tim Jenkins

      Re: Over a barrel.

      A nice barrel too: 4" Colt Python, I reckon...

    2. Sandtitz Silver badge
      Meh

      Re: Over a barrel.

      So it's maybe $600 with a Windows 2003 server (minus the potential discounts the article mentions)

      What's the going price for extended support for RHEL, SLES?

      Are they offering any custom services beyond their original lifecycle programs for RHEL3 or SLES9?

      Just asking.

    3. Anonymous Coward
      Anonymous Coward

      Re: Over a barrel.

      Still cheaper than RHEL Server @ $799 a year for standard support....

      1. Anonymous Coward
        Anonymous Coward

        Re: Over a barrel.

        You can't compare the two, but if you're price sensitive you wouldn't be paying for RHEL in the first place.

        1. Anonymous Coward
          Anonymous Coward

          Re: Over a barrel.

          "You can't compare the two."

          Well I can - they mostly can do similar things. Lots more security patches to evaluate and deploy for RHEL though than Windows Server which takes more of my time, and it's a lot harder to manage. Windows Server 2003 just works and is much more user friendly.

          "but if you're price sensitive you wouldn't be paying for RHEL in the first place."

          I presume you refer to CentOS. Maybe if you run the IT for Fred Blogs Corner Shop you can deploy that, but those of us in the enterprise world need proper support.

          1. SecretSonOfHG

            Re: Over a barrel. ¿lots more security patches for RHEL?

            Citation needed. And please don't count the patches for components not used in a server configuration, unless you count the same for Windows 2003, that is: MS Office, Media Player, etc.

            Well, you have to tally the IE patches for Windows 2003 as the browser, according to MS, was an integral component of the OS, while you don't have to do the same for RHEL.

            No problem in proving me wrong, but really sceptic about this statement.

            1. Anonymous Coward
              Anonymous Coward

              Re: Over a barrel. ¿lots more security patches for RHEL?

              "Citation needed."

              Here is one from not too long after the launch of Server 2003:

              http://www.informationweek.com/linux-unix-vulnerabilities-outnumber-microsoft-windows-3-to-1/d/d-id/1039278?

              and another:

              http://www.networkcomputing.com/careers-and-certifications/report-linux-vulnerabilities-more-numerous-and-severe-than-windows/d/d-id/1212223?

              Here is a another from 2007:

              http://blogs.microsoft.com/cybertrust/2007/10/16/red-hat-enterprise-linux-4-passes-1000-vulnerabilities/

              There are loads more, but the general message is that Windows Server had fewer holes than an enterprise Linux distribution (As per Jeff Jones even if feature matched) for most if not all years in the last decade...

              1. Anonymous Coward
                Anonymous Coward

                Re: Over a barrel. ¿lots more security patches for RHEL?

                "The full report confirms that Microsoft funded the study"

                Nice links. Did you read them? They're sales bullshit aimed at non-technical people, like you or my boss.

                Counting the number of vulnerability fixes isn't an accurate methodology. One could say that the one with the most fixes is more secure.

                A system is as secure as the idiot using it. I've never worked on Linux, but I've worked with plenty of idiots in the Windows world.

              2. Anonymous Coward
                Anonymous Coward

                Re: Jeff Jones

                (1) Who's Jeff Jones

                (2) why should I trust his input on this topic?

                I know what the answer is for (1).

                I'm still waiting for a useful answer to (2).

              3. SecretSonOfHG

                Re: Over a barrel. ¿lots more security patches for RHEL?

                You post two links:

                - A blog entry on Microsoft's own msdn where someone says "according to my own calculations", I suppose that this means that you accept their word verbatim.

                - An informationweek article that does not even break down by OS the vulnerabilities. Querying the linked NVD database from CERT using the keyword RHEL reports 78 vulnerabilities in total, for everything that is in the database since the dawn of time.

                With the above two facts in consideration, and "according to my own calculations", your statement of RHEL having more security patches is false. And of course, my methodology is wrong, flawed, and lacks credibility. But equally wrong, flawed, and missing credibility as the two sources you quote.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Over a barrel. ¿lots more security patches for RHEL?

                  "Querying the linked NVD database from CERT using the keyword RHEL reports 78 vulnerabilities in total, for everything that is in the database since the dawn of time."

                  Presumably your query term is a fail then:

                  Vulnerability Report: Red Hat Enterprise Linux Server 5

                  http://secunia.com/advisories/product/14052/

                  Affected By 2307 Vulnerabilities

                  1. This post has been deleted by its author

                  2. Chemist

                    Re: Over a barrel. ¿lots more security patches for RHEL?

                    "Vulnerability Report: Red Hat Enterprise Linux Server 5"

                    http://secunia.com/advisories/product/14052/

                    Affected By 204 Secunia advisories 2307 Vulnerabilities

                    Indeed for 2014 (for example) there were (from your ref) 29 'adv - all in Flash & Java

                    Indeed for 2013 (for example) there were (from your ref) 35 'adv' - all in Flash & Java & Acrobat

                    Indeed for 2012 (for example) there were (from your ref) 24 'adv' - all in Flash & Java

                    Indeed for 2011 (for example) there were (from your ref) 25 adv' - all in Flash & Java

                    Indeed for 2010 (for example) there were (from your ref) 29 'adv' - all in Flash & Java

                    Indeed for 2009 (for example) there were (from your ref) 26 'adv' - all in Flash & Java & SAMBA !!

                    Indeed for 2008 (for example) there were (from your ref) 25 'adv' - all in Flash & Java

                    Indeed for 2007 (for example) there were (from your ref) 7 'adv' - all in Flash & Java & elinks ?

                    None between 2003-2007. I unfixed vuln. for RealPlayer (giggle)

                    Shabby, shabby ....

                    Whereas the 400-odd MS 2003 server advisories are almost all MS code related and 22 are not yet fixed.

                    1. This post has been deleted by its author

                  3. Anonymous Coward
                    Anonymous Coward

                    Re: Over a barrel. ¿lots more security patches for RHEL?

                    Chemist, of what relevance whatsoever are the number of advisories? Unless you are complete moron, it would be obvious that this is simply the number of communications on the product from Secunia (which might each document multiple holes). It has no relationship at all to the number of vulnerabilities which is what is being discussed here...

                    1. Chemist

                      Re: Over a barrel. ¿lots more security patches for RHEL?

                      "of what relevance whatsoever are the number of advisories? "

                      Simple AC, once you dig into the details they show that of the ~2000 'vulns' reported in RHEL almost all were in 3rd party software and only one hasn't been fixed. Whereas the 684 Server 2003 vulns where almost all MS code and 22 still haven't been fixed.

                      The fact that you used the link to Secunia to shoot yourself in the foot, as usual, is par for the course

                      1. Anonymous Coward
                        Anonymous Coward

                        Re: Over a barrel. ¿lots more security patches for RHEL?

                        " of the ~2000 'vulns' reported in RHEL almost all were in 3rd party software"

                        Erm no. They were ALL in the Red Hat Linux distribution, as shipped and supported by Red Hat. That Red Hat might obtain many of the components from third parties isn't relevant. That's like claiming IE stats don't count because Microsoft got the original code from Spyglass...

                        1. Chemist

                          Re: Over a barrel. ¿lots more security patches for RHEL?

                          "They were ALL in the Red Hat Linux distribution,"

                          So we can therefore blame Flash and Java vulns in Windows on MS ? Is that what you are really saying ?

                        2. Peter Gathercole Silver badge

                          Re: Over a barrel. ¿lots more security patches for RHEL?

                          "That's like claiming IE stats don't count because Microsoft got the original code from Spyglass.."

                          Um. No. It's really not.

                          Red Hat do not 'own' all of the packages. They do not claim that they maintain all of the packages. You are falling into the same trap that I showed was false in a previous post. Please refer to that.

                          But to re-iterate. Red Hat own the compilation and packaging of many of the packages in their repositories. They do not own the maintenance of the packages themselves. They could fork a package if they wanted (it's Open Source after all), but in most cases they don't want to for perfectly valid reasons. Use Firefox as an example, which is in the distro, but is maintained by the Mozilla Foundation.

                          In contrast, Microsoft claim IE as their own package. They maintain it. They employ staff explicitly to maintain it, and they would be super-pissed if someone else tried to publish a derivative of IE, or claim some IP over it.

                          It appears to me that you are deliberately trying to confuse the issue, unless you really have a fundamental mental block about what Open Source is all about.

                          1. JamesTQuirk

                            Re: Over a barrel. ¿lots more security patches for RHEL?

                            Like Chrome, isn't isn't a Google rewritten version of OpenSource Chromium ?

                            http://www.chromium.org/

                            The "wheel/mousetrap" is NOT being reinvented lately, mostly, just merging of "products" thru shared idea's/views, there only so many ways to watch a cat video ..

              4. Anonymous Coward
                Anonymous Coward

                Re: Over a barrel. ¿lots more security patches for RHEL?

                "the general message is that Windows Server had fewer holes than an enterprise Linux distribution (As per Jeff Jones even if feature matched) for most if not all years in the last decade..."

                Dear mods,

                Why is it OK for this post/poster to claim that Jeff Jones is authoritative on this subject, and yet it is not OK (as in, posts will be rejected) for anyone (e.g. me) to point out that Jones is a long term senior Microsoft employee (and before that, Mcafee, as far back as 1998). Given that history, he's not exactly an independent authority on the subject, is he? So in many people's eyes it might be considered entirely fair to point out that he's linked(in) with MS and McAfee.

                What kind of wording might be acceptable to you, if it was permissible to point out that Jones isn't an "independent witness"?

                Would you be offended if anyone suggested that your selective censorship might have the appearance of (even if not the intention of) double standards?

                If you fancy replying, you have my personal email address but I can't access it from work as the nice IT people have blocked access to external email and bypassing the blocks is a sacking offence.

                Have a lovely day.

                1. gazthejourno (Written by Reg staff)

                  Re: Re: Over a barrel. ¿lots more security patches for RHEL?

                  Posting a link to someone's LinkedIn profile with one line saying "look, he worked for Microsoft" and summarily dismissing anything he has to say on Windows v Linux security isn't constructive.

          2. Anonymous Coward
            Anonymous Coward

            Re: Over a barrel.

            but those of us in the enterprise world

            "us"? Your comment suggests that you know very little about the "enterprise world".

            RHEL is completely different to Windows Server. It's like comparing a BMW with a horse, because they both take you to the shops and back.

            btw, I'm a Windows user, so calm down fan boy.

            1. Anonymous Coward
              Anonymous Coward

              Re: Over a barrel.

              "RHEL is completely different to Windows Server. It's like comparing a BMW with a horse, because they both take you to the shops and back."

              Well yes I give you that. Windows is nice and easy to use and comes with loads of extra luxury features like a BMW, where as Linux takes a lot of time and skill - and is much harder and more time consuming to use, and comes with just the bare essentials, but evetually gets the job done like a horse.

              I note for instance that Linux still doesn't have basic security features like constrained delegation. And last time I checked it still didn't have fileserver basics like file de-dupe and storage tiering out of the box either...

              1. Peter Gathercole Silver badge

                Re: Over a barrel. @AC

                Having just read a Technet description of Kerberos constrained delegation, it would appear that Microsoft have implemented a service using a fundamental feature of Kerberos - which appeared on a number of platforms including UNIX before it was added to Windows, and have been presumptuous enough to have given it a name.

                Linux implementations of Kerberos will have the same fundamental technologies, but nobody has given it s specific name except Microsoft, who are trying to cash in on other people's work. I'm pretty certain that all Linux distro's will have Kerberos 5 support in their repositories. RHEL6.5 certainly has.

                There are also several deduplication facilities available for Linux, including a number of filesystems like btrfs and ZFS. You just have to use a search engine to find them. ZFS also supports tiered storage (before Windows 2012, btw), as does IBM Elastic Storage, although Elastic Storage (aka GPFS) is commercial software.

                I admit that it's not out-of-the-box, but it's hardly difficult to come by.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Over a barrel. @AC

                  "Linux implementations of Kerberos will have the same fundamental technologies, "

                  But Linux doesn't use Kerberos features to control OS user access rights. You have to use kludges like SUDO - which must at least initially execute as ROOT. This is a massive fail. With Windows though you can allocate JUST the rights needed on a fully granular basis.

                  "I admit that it's not out-of-the-box, but it's hardly difficult to come by."

                  Quite - so much more difficult to support if you are installing 3rd party packages, and of course you have to install (compile?!) and configure the product. In Windows I just need to make a few mouse clicks....

                  1. Hans 1

                    Re: Over a barrel. @AC

                    > You have to use kludges like SUDO - which must at least initially execute as ROOT. This is a massive fail. With Windows though you can allocate JUST the rights needed on a fully granular basis.

                    Ever heard of UNIX ACL's ? Thought not.

                    Besides, you do not necessarily have to use sudo, you can use su, you know ? I do not understand your issue with sudo INITIALLY running as ROOT ... do you even know what sudo does ? Go read up on sudoers file, you can adapt it quite some bit, how can you do that one windows ?

                    >Quite - so much more difficult to support if you are installing 3rd party packages, and of course you have to install (compile?!) and configure the product.

                    I cannot remember the last time I was obliged to compile some 3rdparty app ... must be 7 or 8 years - and I use Linux on my primary workstation. I know kernel modules need to be recompiled when a new kernel is installed and the system rebooted, but that happens "transparently".

                    There are quite a few apps in my app repositories, like Java, mysql, postgres etc, etc, etc that I can install in a few clicks as well, however, no "Goto google > type app name > skip ads > locate website > locate download section > locate correct platform/bittiness > find download button, no, really watch out here, there are 5 on this screen > wait, wait, wait > execute file > Next > untick unwanted toolbars and/or adware > Next > untick startup when system starts > untick litter my desktop > reboot > done" bullshit ... for me it is just "Software (link on my dock/panel) > fill app name > click install > wait, wait, wait > done".

                    Actually, that is for mom and pop, I use aliases ..." $ get [app_name] > wait, wait, wait > done."

                    1. Anonymous Coward
                      Anonymous Coward

                      Re: Over a barrel. @AC

                      "Ever heard of UNIX ACL's ?"

                      Sure - and it is only recently with NFS 4.1 that you actually got proper granular ACLs in Linux like Windows has had for years. And still not as flexibly or powerfully implemented. And that still doesn't fix delegation of rights, so your point was?

                      "do you even know what sudo does ? Go read up on sudoers file, you can adapt it quite some bit, how can you do that one windows ?"

                      Sure. And it's big potential hole that doesn't provide only the minimum rights needed at all times like Kerberos constrained delegation can. You can do far more than that in Windows. For instance claims based ACLs. How would you do access control like this in Linux then? http://windowsitpro.com/windows-server-2012/enable-claims-support-windows-server-2012-active-directory

                      "cannot remember the last time I was obliged to compile some 3rdparty app ... must be 7 or 8 years - and I use Linux on my primary workstation."

                      Well for me it was last week when I installed a Sip server. And if you claim that then you must hardly use Linux other than as a PC you don't change much on.

                      "There are quite a few apps in my app repositories, like Java, mysql, postgres etc, etc, etc that I can install in a few clicks as well"

                      I just click on the icon for any available software and it installs on demand via App-V and can launch before it has even finished installing via a streaming App-V install...

                      1. Peter Gathercole Silver badge

                        Re: Over a barrel. @AC - ACLs

                        Don't for a second think that ACLs are a feature introduced by Windows.

                        The earliest I remember ACLs being discussed was in Multics, whose design goes back to the 1960's, before Microsoft was even a company. Multics had a very complete security model for it's time, which included control over processes and services as well as the filesystem.

                        The thing about UNIX-like file permissions is that they have been good enough for most purposes for decades. They're a long way from being perfect, and I've said as much many times on these forums, but they can be made to do most of what is required with the right amount of knowledge. This has meant that until recently there was no pressing need to implement ACLs.

                        Where they were implemented, they were frequently unused because system administrators of the time did not think it necessary. Simpler times, maybe.

                        ACL implementations have existed in UNIX systems for many, many years. They first appeared in AIX with AIX 3.1 in 1990, and I'm pretty sure that the Veritas filesystem that could be used as the base filesystem on a number of proprietary operating systems also included ACLs.

                        The Andrew File System had both Kerberos support and ACLs from the early 1990's as well.

                        If you think that filesystem ACLs are not enough, look at the UNIX and Linux implementations of RBAC (and SELinux). Because most RBAC implementations use PAM, this means that it is possible to have RBAC controlled by Kerberos, and even put LDAP in the mix, and this allows something not that dissimilar to what I read Windows can do. And this has been possible for many years, before Microsoft jumped on the Kerberos bandwagon.

                      2. Peter Gathercole Silver badge

                        Re: SIP server @AC

                        It seems to me that several of the distros include packages like Asterisk and Sems in their repositories, and Glassfish/Sailfin appear to be Open Source packages shipped as jar files that will not need compiling. Now I don't know what you were trying to achieve, but did you look?

                        I realise that you may have been wanting features that are not in builds of packages in the repositories, particularly if you want interoperability with some commercial products (vendors just love to include proprietary or bleeding edge extensions which often cause problems with Open Source packages).

                        If the package you were wanting was part of a commercial product, even if it were a free component, then did you try suggesting that the vendor provide the same degree of support for OSs other than Windows as they do for Windows? Sometimes what people see as a deficiency in Linux is really with the vendor of a particular package being unwilling to provide adequate support for Linux platforms, and that is hardly the fault of the distro maintainer, or the Linux community as a whole!

                        1. Anonymous Coward
                          Anonymous Coward

                          Re: SIP server @AC

                          "Now I don't know what you were trying to achieve, but did you look?"

                          It was SipXecs and the default install takes forever and compiles a load of stuff.

                          So for Windows I would typically only have to download and run SETUP.EXE

                          For Linux it's:

                          yum install git make autoconf automake rpm-build libxslt

                          git clone git://github.com/SIPfoundry/sipxecs.git

                          cd sipxecs

                          autoreconf -if

                          mkdir build

                          cd build

                          ../configure --enable-rpm

                          make setup.sh

                          sudo ./setup.sh

                          make sipx.rpm

                          make lib.rpm

                          This is why Linux is so crappy to use.

                          1. Maventi

                            Re: SIP server @AC

                            "So for Windows I would typically only have to download and run SETUP.EXE"

                            Which normally requires a GUI, a waste of server resources. Also, good luck automating that installer process!

                            "This is why Linux is so crappy to use."

                            No, it would normally demonstrate a lazy developer who couldn't be bothered packaging their product. However it appears that this is not the case for sipXecs as they provide a Yum repository (I'm assuming by the instructions above that you are using CentOS or RHEL), so it makes the whole process delightfully simple! Refer to http://wiki.sipfoundry.org/display/sipXecs/Installing+on+Fedora+and+CentOS

                            All that's been demonstrated in the example above is a little lack of appropriate experience between the keyboard and chair.

                            This way you use the same package management system that installed the entire OS and keeps it up to date, so it can take care of automatically updating sipXecs for you too. It all makes it much easier to track changes made to the host, easier to document the installation process and easier to automate. And time is money, right? :)

                            1. JamesTQuirk

                              Re: SIP server @AC

                              Exactly, Maventi

                              if anyone has used Synaptic Package Manager on any Debian based install, it works the same on all, making it easy to train monkeys to use, Windows users need a install file before their brain works, I think ...

                  2. thames

                    Re: Over a barrel. @AC

                    Anonymous Coward says: 'But Linux doesn't ... blah, blah, blah."

                    - So what you're saying is, is that you don't know how to do it. I guess we shouldn't be surprised that PR bots aren't IT specialists.

                    Anonymous Coward says: so much more difficult to support if you are installing 3rd party packages,"

                    - Here's a clue for you - Linux is all third party stuff, from the OS kernel upwards. The Linux developers consist of pretty much the entire IT industry outside of Microsoft, Apple, and their hangers-on. Distros put these "packages" together and support them. That's what they do for a living. It's a competitive market, so either they're very good at support, or they go out of business. They can't use vendor lock-in to coast along while ignoring their customers. If you don't like the support you're getting, then you can switch to a different vendor without having to switch to a different OS or applications stack. It's not like the Microsoft world where you have no choice and no influence.

                    Anonymous Coward says: and of course you have to install (compile?!) and configure the product"

                    - You know you would make a much better PR bot if you actually knew anything about Linux. Compile the product? Why would you do that? The distros compile the binaries and you either just make a few mouse clicks (if you want to use a GUI on your server) or type the relevant "apt-get package-name" if you are running a server without a GUI.

                    The reason there is no single management system is because there's no such thing as a "one size fits all" solution for anything as diverse as the IT industry. A web hosting business just isn't the same as a widget manufacturer ERP system. If you try to make something "one size fits all", you just end up with something that is massively over-complicated for smaller businesses while being inadequate for larger scale systems.

                    Have a look at the Microsoft news that you read here in el Reg in recent years. When's the last time that Microsoft introduced some new operating system feature that isn't a clone or port of something from Linux? Oh look - we have PowerShell - now we have something to write OS management scripts in, just like Linux does! Oh look! - we're going to be getting Docker some day, just like Linux already has! Oh look! - we have HyperV - our private label version of Xen just like Linux does! Oh look! - we have "cloud" (sort of), just like Linux does! I would have to go back to the 1990s to find an era when things (Samba) went the other way.

                    If you want to see the future of Windows sever five years from now, then look at what the major Linux distros are shipping today. If you want to see the long term future of Windows, then look at DEC VMS, because that's the soft of legacy system that Windows is becoming. If you've worked long enough in the IT industry, then you've seen operating systems come and go. I used to think that UCSD P-System was fabulous, but try to find anyone today who even knows what it is (was). It doesn't pay to get too attached to any one of them. IT specialists have to learn new things all the time, because the only constant is change.

                    1. Chemist

                      Re: Over a barrel. @AC

                      "If you want to see the long term future of Windows, then look at DEC VMS"

                      I agree with almost everything you say but to equate Windows with one of the most robust OSs - NO !

                      1. P. Lee

                        Re: Over a barrel. @AC

                        >I agree with almost everything you say but to equate Windows with one of the most robust OSs - NO !

                        Plus, proper clustering and file-system version control?

                        I'm not sure that's Windows.

                    2. Anonymous Coward
                      Anonymous Coward

                      Re:future of Windows vs future of VMS

                      "If you want to see the long term future of Windows, then look at DEC VMS, because that's the soft of legacy system that Windows is becoming. "

                      There's no denying that the world is changing around Microsoft and they're not doing a brilliant job of changing their strategy and products to match (time was when Microsoft *was* a strategy for an IT department; not so now). However...

                      Maybe you've not noticed, but a few months ago, VMS was resurrected. After years of neglect at the hands of HP (and before them, Compaq), HP handed future development of VMS (including a port to x86-64) over to another company, VMS Software Inc, who have (re-)employed many of the VMS development team that were "let go" by HP and predecessors.

                      See e,g,

                      http://www.theregister.co.uk/2014/07/31/openvms_spared/

                      Best of luck doing something similar with Windows NT's successors thirty-five years after NT first arrived.

                  3. JamesTQuirk

                    Re: Over a barrel. @AC

                    Well I cheat & install http://www.freenas.org, Apache, EGroupware, a few other things to make windows happy, gets by my server needs in 90% of cases ....

                    http://www.freenas.org/about/features.html

                    But of course, it does mean "reading manuals" & learning stuff, maybe even a google or 2, to understand, obviously to much trouble for, the Modern IT Pro, who can instruct the Boss who to pay money to, to make up for, being lost, if you need MORE than just need to make a few mouse clicks....

                  4. Maventi

                    Re: Over a barrel. @AC

                    "Quite - so much more difficult to support if you are installing 3rd party packages, "

                    Nope, just add the repo and use apt or yum to do the rest. Worst-case you get a tarball to unpack but it's still relatively easy to automate in most cases if need be.

                    On Windows the standard is using crappy binary installers making arbitrary and almost untrackable changes to the system. MSI packages are a slight improvement but still unnecessarily complex if you dare peek under the hood.

                    Third party software management is so painful on Windows that there exists an entire market dedicated to improving it. It's also the main reason so many corporate Windows shops stick with IE as a browser; it's to much work to try and manage anything that isn't built into the OS or made by MS.

                  5. Peter Gathercole Silver badge

                    Re: Over a barrel. @AC again

                    It is perfectly possible to use Kerberos to control access to a Linux system. All distros I know ship a PAM (Pluggable Authentication Module) which allows you to use Kerberos as a primary access control mechanism. OpenSSH has Kerberos support built in, and there is support for Kerberos tickets in sudo to control user commands.

                    Many years ago (~20 IIRC - before even NTFS 5 and Windows 2000), there was a file system called DCE/DFS for POSIX'y systems that also integrated Kerberos tickets into filesystem ACLs. The Andrew File System (which DCE/DFS was adapted from) still exists and still uses Kerberos tickets to control access. Generally speaking, it's a technology that was regarded as unnecessary, or maybe it was just ahead of it's time. I think that GPFS can also use Kerberos, but that may just be for system-to-system authentication. Thinking about it NFS4 and later uses GSSAPI, and you can plug Kerberos into that as well.

                    So don't think that Microsoft invented these things in Windows. They're playing catchup, but no doubt they will try embrace, extend and extinguish again as they have tried with LDAP/Active Directory and DNS.

                  6. Vic

                    Re: Over a barrel. @AC

                    But Linux doesn't use Kerberos features to control OS user access rights.

                    It does if you tell it to...

                    Vic.

                    1. Anonymous Coward
                      Anonymous Coward

                      Re: Over a barrel. @AC

                      "It does if you tell it to...

                      Vic."

                      It can't provide authorisation as a granular "least rights required" solution like Windows does out of the box without complex third party software...

              2. Anonymous Bullard

                Re: Over a barrel.

                Windows is nice and easy to use and comes with loads of extra luxury features like a BMW

                And the users are wankers?

                Before any BMW owners get offended, I used to own one. I also used to use Windows. Both were expensive to run, and you were screwed if anything broke.

                Bastard Microsoft Windows.

    4. Roland6 Silver badge

      Re: Over a barrel.

      >A nice little earner for Microsoft.

      Well it's going to be a nice little earner for someone: Upgrade and it seems you've got yourself a CRM and/or ERP migration project £££££ or simply pay MS less than one day of consultancy per year per server...

  2. Anonymous Blowhard

    People who don't plan ahead get penalised

    In other news, Pope admits to being Catholic.

  3. PGTART

    Dear custommer it's time to move to linux or else ...

  4. PGTART

    Dear custommer move to free Linux or else we fine you...

    MS is getting itself into problems, the only vendor who asks money for its operating system.

    People who bought it should have life time support by definition of the act of buying.

    Or else they should provide free upgrades, as in fact since NT4 all versions have been upgrades, look at the kernel core, none was radical new.

    1. Anonymous Coward
      Anonymous Coward

      Re: Dear custommer move to free Linux or else we fine you...

      "MS is getting itself into problems, the only vendor who asks money for its operating system."

      Getting money doesn't sound like a problem to me. And you must have never heard of Apple, Red Hat, SUSE, Ubuntu. etc. etc.

      "People who bought it should have life time support by definition of the act of buying"

      They do - free online support for the supported life of the product for Server 2003.

      "Or else they should provide free upgrades, as in fact since NT4 all versions have been upgrades,"

      How would they pay for developing these upgrades then? nb - you do get 'free' upgrades if you pay for full support (Software Assurance).

      "look at the kernel core, none was radical new."

      There have been thousands of kernel related changes since NT4.

    2. InsaneGeek

      Re: Dear custommer move to free Linux or else we fine you...

      Let me ask you this... what was RedHat's response to the latest Ghost exploit for RHEL4 boxes? We have 5000+ RHEL 5+ servers and 2-300 still running RHEL4 (legacy apps we don't have code for from companies we purchased, etc). We were paying for a license on all the boxes (including 4 so they could be upgraded) but not extended RHEL 4 support. Redhat made a binary rpm for the security fix, but only was available if you purchased extended RHEL4 support for ALL old boxes, we couldn't even find the SRPM on their ftpsite multiple of days afterwards (also tried the can we buy a few licenses call they rejected it). Looked at CentOS, but they don't have any updates for RHEL4 anymore. RHEL4 was released in 2005, multiple years after Win 2003 and you've had to pay for security updates before one had to for Microsoft. If anything MS is showing how much better they are at long term support then linux is.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like