Rockstar is absolutely correct in stating that Microsoft's flavor of Kerberos is NOT the Kerberos standard. I write netcentric security software for a living, and when I went to implement kerberos authentication into our software, it was a cinch to do for our Solaris clients. For Win2K, it required reading a bunch of Microsoft's white papers which detailed their "enhancements" to Kerberos. Enhancements my ass.

Passport has had a LOT of security weaknesses exposed in very recent times. You can say a lot of good things about Microsoft and I won't argue with you, but please please don't try to argue that they have a good track record with implementing security. That statement is so false it's humorous.