syncing MIT Kerberos to Active Directory

Tony Pugielli tpugielli at
Mon Oct 5 22:23:23 EDT 2015

Excellent,  Thank You for the response.

For service related issues, please call 732-553-9100 option 2, option 2 to speak with our TAC engineers. Email is not monitored for service requests.
Tony Pugielli
Manager of Systems Engineers
Turn-key Technologies, Inc.   (TTI Wireless)
2400 Main St. Ext. Suite 12 Sayreville, NJ 08872
(W) 732-553-9100 ext. 123
(M) 732-320-0711
(F) 732-553-9107

-----Original Message-----
From: Russ Allbery [mailto:eagle at] 
Sent: Monday, October 5, 2015 4:26 PM
To: Tony Pugielli <tpugielli at>
Cc: kerberos at
Subject: Re: syncing MIT Kerberos to Active Directory

Tony Pugielli <tpugielli at> writes:

> Good day, I have an environment with MIT Kerberos and Active 
> Directory. Is there a way to keep both databases (username and 
> password) in sync? The use case is 802.1x authentication. EAP-GTC is 
> not native to many devices so we want to use Active Directory so we 
> can take advantage of the more widely native supplicant PEAP-MSCHAPV2. 
> We would prefer the user only need to keep track of one username and 
> password. Right now the Kerberos MIT database is widely used for their 
> single sign-on applications.

You may find:

useful, although it only does passwords.  I believe there is a krb5-adsync package somewhere based on that which also creates accounts.

Russ Allbery (eagle at              <>

More information about the Kerberos mailing list