Enrique,

This is most excellent.  I'm sure this will attract many new users and 
developers that want to work with the Kerberos service within ApacheDS.

Thanks,
Alex

Enrique Rodriguez wrote:
> Hi, Directory developers,
> 
> I've been organizing my interoperability documentation.  I thought it
> made the most sense to start with a quick intro to Kerberos in today's
> typical enterprise.  I think it's fair to say that most of our
> employers use Windows and thus, by default, Active Directory.  So, we
> can explore "realm control" without setting up any servers, by using
> existing Active Directory sites.
> 
> I want to make two points:
> 
> 1)  Kerberos is alive and well. In fact, by being the authentication
> mechanism in Windows/Active Directory, it is a dominant protocol on
> corporate networks.  Every time you log in to Windows or change your
> password, you are using Kerberos.  To paraphrase a wise man, "Kerberos
> is everywhere, it is all around us, even now in this very room."
> 
> 2)  A test setup is at hand.  Since server configuration can be
> complicated, the easiest way to experiment with Kerberos is to perform
> some basic exploration from a Linux client to an existing Active
> Directory install.  Note that none of this exploration requires domain
> admin rights nor does it constitute any threat to your IT
> infrastructure.
> 
> So, here's a draft of lesson #1.
> 
> New static site:
> http://directory.apache.org/apacheds/1.0/kerberos-in-the-enterprise.html
> 
> Cwiki, in case you have changes:
> http://cwiki.apache.org/confluence/display/DIRxSRVx10/Kerberos+in+the+Enterprise