Merging Windows with non-Windows Kerberos.

Binary Freak Member Posts: 37
Been doing a tad 'research' lately, specifically into merging. I understand merging two different ADs together. But how about Windows Kerberos with non-Windows Kerberos?

Was wondering what would be approaches to said title.

Been trying to find information online regarding realm trusting. Would that accomplish a merge between the two? If so, how does it work from your POV? Microsoft seem to enjoy the fashion industry?

Thanks,

Michael

Comments

  • gespenstern Member Posts: 1,243
    Not clear what exactly you are trying to do. Merging two ADs together, while a complex task, is still something doable and documented. But AD isn't Kerberos; in the end AD is an LDAP hierarchical multi-master clustered database on the ESE engine. Are you talking about merging AD with, say, OpenLDAP or a similar database?

    Kerberos is an authentication/authorization protocol that is used along with NTLM in AD environments. Does AD support foreign Kerberos realms? It does, there's a special realm trust that you theoretically can set up; however, I'd say it's a pretty rare case, as during my 15 years working with ADDS for enterprise clients I never saw that functioning in real production environments.

    Personally I remember myself setting up Kerberos authentication for IBM AIX hosts against Active Directory. Microsoft, while seemingly supporting book Kerberos V5, also added some additional features here and there, like additional error codes that aren't described in vanilla Kerberos V5, Kerberos pre-authentication by default which isn't required by vanilla Kerberos V5, etc., so there certainly could be compatibility issues when interacting with non-Windows systems, but often they can be dealt with by some tuning.
  • Binary Freak Member Posts: 37
    Aye, this is what I was getting at, my bad.

    Thanks for pointing that out
  • poolmanjim Member Posts: 285
    In Active Directory you can use Realm Trusts to connect to non-Active Directory Kerberos domains.

    https://technet.microsoft.com/en-us/library/cc731297.aspx
    2019 Goals: Security+
    2020 Goals: 70-744, Azure
    Completed: MCSA 2012 (01/2016), MCSE: Cloud Platform and Infrastructure (07/2017), MCSA 2017 (09/2017)
    Future Goals: CISSP, CCENT
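
As an added illustration (not part of any post above, and not taken from the linked Microsoft documentation), this is roughly what the non-Windows side of a realm trust looks like in an MIT Kerberos `krb5.conf`. The realm names and host names are placeholders assumed for the example.

```ini
# /etc/krb5.conf on a host in the non-Windows realm (MIT Kerberos syntax).
# UNIX.EXAMPLE.COM and AD.EXAMPLE.COM are placeholder realm names.

[libdefaults]
    default_realm = UNIX.EXAMPLE.COM
    dns_lookup_kdc = false
    forwardable = true

[realms]
    UNIX.EXAMPLE.COM = {
        kdc = kdc1.unix.example.com
        admin_server = kdc1.unix.example.com
    }
    # The Active Directory domain, seen as just another Kerberos realm.
    # Its domain controllers act as the KDCs.
    AD.EXAMPLE.COM = {
        kdc = dc1.ad.example.com
    }

[domain_realm]
    # Map DNS suffixes to realms so clients ask the right KDC for a service.
    .unix.example.com = UNIX.EXAMPLE.COM
    .ad.example.com = AD.EXAMPLE.COM

[capaths]
    # Direct trust in both directions, no intermediate realm.
    UNIX.EXAMPLE.COM = {
        AD.EXAMPLE.COM = .
    }
    AD.EXAMPLE.COM = {
        UNIX.EXAMPLE.COM = .
    }

# The trust itself is a pair of cross-realm principals in the MIT KDC database:
#   krbtgt/AD.EXAMPLE.COM@UNIX.EXAMPLE.COM   (UNIX users reaching AD services)
#   krbtgt/UNIX.EXAMPLE.COM@AD.EXAMPLE.COM   (AD users reaching UNIX services)
# Each key must match the trust password set on the AD realm trust, and both
# sides must share an encryption type. A realm trust links authentication
# only; it does not merge the two directories.
```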