Possible to use a Windows Domain *and* UNIX/MIT Kerberos Auth

[Matthew Smith]

You can set up a trust from your AD Domain(s) to your Kerberos realm, 
and them use the userprincipal field of AD to map a AD user account to a 
kerb princ.  This allows you, effectively, to use your login info from 
your krb5 realm, but get a SID and other AD info (group membership, 
personal info, etc) from AD.

There is a whitepaper up on MS's site.
-Matt

MattW wrote:
> Esteemed Others,
> 
> Is it possible to use Windows2000 Active Directory service, and
> benefit from the centralized user and group info, but to use
> Kerberos hosted on a linux machine as the Authentication piece?
> 
> I see descriptions on the net for using Kerberos to Authenticate,
> but none of them seem to include a domain setup. Is this an
> either-or scenario?
> 
> thanks,
> 
> Matt
>