As much as Microsoft would love for all companies to have a completely Windows 2000-based network, the chances of that happening are not very great. There are just too many alternatives. If your network is like most, you use the best operating system to do the job at hand. That may be Windows 2000, it may be NT, it may be NetWare, or it may be Unix. So, Microsoft had to provide the flexibility to support SSO within a network comprising a variety of vendors' platforms. This was done with its support for standards-based authentication protocols and Microsoft gateway products. As you can see in Figure 10.7, Kerberos provides just part of the puzzle.
FIGURE 10.7 SSO in a real network
Before SSO, if you had a mixed network, you often found yourself providing duplicate resources for different network segments. Now, enterprises can share existing resources between all users of the network, rather than having to continually redo work that has already been done. In a model similar to the Internet, users can easily navigate through the corporate network without needing to know when they have crossed the boundary from one platform to another. Security is improved by providing for mutual authentication of clients and servers, and by removing the temptation for users to write down their multiple passwords.
How can you make it work? One of the ways is with the introduction of some third-party tools. For example, by using something like CyberSafe's TrustBroker, you can provide SSO between Windows 2000 and networks running the MacOS, AIX, Digital Unix, HP-UX, IRIX, Netware, Solaris, SunOS, Tandem, and MVS/ESA operating systems.
Was this article helpful?