Merging Windows with non windows kerberos.

Binary Freak

Been doing a tad 'research' lately, specifically into merging. I understand merging two different ADs together. But how about Windows Kerberos with non-Windows Kerberos?

Was wondering what would be approaches to said title.

Been trying to find information online regarding realm trusting. Would that accomplish a merge between the two? If so, how does it work from your POV. Microsoft seem to enjoy the fashion industry?

Thanks,

Michael

gespenstern

Not clear what exactly you are trying to do. Merging two ADs together while a complex task still is something doable and documented. But AD isn't Kerberos, in the end AD is a LDAP hierarchical multi-master clustered database on ESE engine. Are you talking about merging AD with, say, OpenLDAP or similar database?

Kerberos is an authentication/authorization protocol that is used among with NTLM in AD environments. Does AD support foreing Kerberos realms? It does, there's a special realm trust that you theoretically can set up, however, i'd say it's a pretty rare case as during my 15 years working with ADDS for enterprise clients I never saw that functioning in real production environments.

Personally I remember myself setting up Kerberos authentication for IBM AIX hosts against Active Directory. Microsoft, while seem supporting book Kerberos V5 also added some additional features here and there like additional error codes that aren't described in vanilla Kerberos V5, Kerberos pre-authentication by default which isn't required by vanilla Kerberos V5, etc., so there certainly could be compatibility issues when interacting with non-Windows systems but often they can be dealt with by some tuning.