Possible to use a Windows Domain *and* UNIX/MIT Kerberos Auth

Matthew Smith matt at forsetti.com
Wed Jun 11 15:43:56 EDT 2003

You can set up a trust from your AD Domain(s) to your Kerberos realm, 
and them use the userprincipal field of AD to map a AD user account to a 
kerb princ.  This allows you, effectively, to use your login info from 
your krb5 realm, but get a SID and other AD info (group membership, 
personal info, etc) from AD.

There is a whitepaper up on MS's site.

MattW wrote:
> Esteemed Others,
> Is it possible to use Windows2000 Active Directory service, and
> benefit from the centralized user and group info, but to use
> Kerberos hosted on a linux machine as the Authentication piece?
> I see descriptions on the net for using Kerberos to Authenticate,
> but none of them seem to include a domain setup. Is this an
> either-or scenario?
> thanks,
> Matt

More information about the Kerberos mailing list