Is a Kerberos realm in UNIX is analogous to a Kerberos AD domain?

A Kerberos realm in UNIX is analogous to a Kerberos domain, as in an Active
Directory domain, correct? Just asking b/c some appliance/firewall devices
talk about Kerberos Realm name. In lieu of anything else I guess I put my
AD domain name there? These devices need something to authenticate against
so if I put my AD domain name in the spot where it says Kerberos realm I
would be correct? This is a philosophical question, I have no particular
piece of hardware in mind. Or maybe I just need to get my terms cleaned up?
:-)

--
Spin

In news:(E-Mail Removed),
Spin <(E-Mail Removed)> made this post, which I then commented about below:
> A Kerberos realm in UNIX is analogous to a Kerberos domain, as in an
> Active Directory domain, correct? Just asking b/c some
> appliance/firewall devices talk about Kerberos Realm name. In lieu
> of anything else I guess I put my AD domain name there? These
> devices need something to authenticate against so if I put my AD
> domain name in the spot where it says Kerberos realm I would be
> correct? This is a philosophical question, I have no particular
> piece of hardware in mind. Or maybe I just need to get my terms
> cleaned up? :-)

That is correct. On the same token, you can 'kerberize' unix to bind to AD,
which is analogous to joining the domain. That is common with a Mac server
running OSx to join it to AD for resource authenticate to AD.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================

Ace Fekay [MVP] wrote:
> In news:(E-Mail Removed),
> Spin <(E-Mail Removed)> made this post, which I then commented about below:
>> A Kerberos realm in UNIX is analogous to a Kerberos domain, as in an
>> Active Directory domain, correct? Just asking b/c some
>> appliance/firewall devices talk about Kerberos Realm name. In lieu
>> of anything else I guess I put my AD domain name there? These
>> devices need something to authenticate against so if I put my AD
>> domain name in the spot where it says Kerberos realm I would be
>> correct? This is a philosophical question, I have no particular
>> piece of hardware in mind. Or maybe I just need to get my terms
>> cleaned up? :-)
>
> That is correct. On the same token, you can 'kerberize' unix to bind to AD,
> which is analogous to joining the domain. That is common with a Mac server
> running OSx to join it to AD for resource authenticate to AD.
>
Is there any documentation on 'kerberizing linux' to bind to an Active
Directory on Windows 2003 Server? I guess I'm looking for a how-tos if
available. Thanks

In news:%23XV5svc%(E-Mail Removed),
M. Eteum <(E-Mail Removed)> made this post, which I then commented about
below:
>
> Is there any documentation on 'kerberizing linux' to bind to an Active
> Directory on Windows 2003 Server? I guess I'm looking for a how-tos if
> available. Thanks


I have propeitary docs I can't share because they have too many specifics in
them, but I did put them together from this link:
Enabling Single Sign in Active Directory with Mac OS X Server:
http://www.4am-media.com/sso/

Then for more info, which aided in putting together the how-to and getting
it to work, the right hand side, there's a link called:
"How to kerberize Mac OS X Server when using Active Directory for
authentication
http://www.4am-media.com/sso

There are other helpful links there as well explaining how it works, and
such.

Here's some more links on AD and OSx below.

Directory Access 1.5 Help Learning About the Active Directory Plug-in:
http://docs.info.apple.com/article.html?artnum=151443

Enterprise computing with OS X Panther server and Active Directory -
Computerworld:
http://www.computerworld.com/softwar...,95925,00.html

Entourage was a another headache, besides the above with authenticating with
AD and using Exchange.

I hope that helps.

Ace