Possible to use a Windows Domain *and* UNIX/MIT Kerberos Auth

Mel Riser mel.riser at fxfn.com
Wed Jun 11 16:15:44 EDT 2003

it is possible... we have several cross realm domains setup... this allows cross realm communications and users from one domain get tickets in another. once it's setup, it's fairly seamless

The Microsoft paper was invaluable... but you MUST follow it step by step.

AND if your NETBIOS REALM and your K5 REALM are the same, one of them has to change.

anyone wanting more direct questions or consulting can email me of list

mel.riser at fxfn.com

-----Original Message-----
From: Matthew Smith
To: kerberos at mit.edu
Sent: 6/11/2003 2:43 PM
Subject: Re: Possible to use a Windows Domain *and* UNIX/MIT Kerberos Auth

You can set up a trust from your AD Domain(s) to your Kerberos realm, 
and them use the userprincipal field of AD to map a AD user account to a

kerb princ.  This allows you, effectively, to use your login info from 
your krb5 realm, but get a SID and other AD info (group membership, 
personal info, etc) from AD.

There is a whitepaper up on MS's site.

MattW wrote:
> Esteemed Others,
> Is it possible to use Windows2000 Active Directory service, and
> benefit from the centralized user and group info, but to use
> Kerberos hosted on a linux machine as the Authentication piece?
> I see descriptions on the net for using Kerberos to Authenticate,
> but none of them seem to include a domain setup. Is this an
> either-or scenario?
> thanks,
> Matt

Kerberos mailing list           Kerberos at mit.edu

More information about the Kerberos mailing list