directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <>
Subject [Documentation] Kerberos in the Enterprise
Date Fri, 16 Feb 2007 05:55:14 GMT
Hi, Directory developers,

I've been organizing my interoperability documentation.  I thought it
made the most sense to start with a quick intro to Kerberos in today's
typical enterprise.  I think it's fair to say that most of our
employers use Windows and thus, by default, Active Directory.  So, we
can explore "realm control" without setting up any servers, by using
existing Active Directory sites.

I want to make two points:

1)  Kerberos is alive and well. In fact, by being the authentication
mechanism in Windows/Active Directory, it is a dominant protocol on
corporate networks.  Every time you log in to Windows or change your
password, you are using Kerberos.  To paraphrase a wise man, "Kerberos
is everywhere, it is all around us, even now in this very room."

2)  A test setup is at hand.  Since server configuration can be
complicated, the easiest way to experiment with Kerberos is to perform
some basic exploration from a Linux client to an existing Active
Directory install.  Note that none of this exploration requires domain
admin rights nor does it constitute any threat to your IT

So, here's a draft of lesson #1.

New static site:

Cwiki, in case you have changes:


View raw message