Is there such a thing as a Kerberos Domain?
I'm pretty sure I've heard the term but I'm struggling to find a decent explanation (or any explanation).
Is it just people confusing it with an Windows Domain or an LDAP Domain?
Asked
Active
Viewed 226 times
3 Answers
5
See RFC4120, "The Kerberos Network Authentication Service (V5)". Realms are a namespace or administrative zone, usually tied to the domain used -- perhaps your people are referring to to a Kerberos realm?
EX: someone with AD domain credentials could authenticate to a non-Windows Kerberos realm. I notice Microsoft refers to "cross-domain" in discussions of Kerberos when "cross-realm" might be more appropriate.
0
Not really, no. I would say that it's getting confused with an Active Directory domain. Kerberos is an authentication protocol. There is no domain concept in plain Kerberos.
The term "domain" refers to the organization structure of Active Directory. Active Directory employs Kerberos as one of its available authentication protocols, which I think is where the confusion would come in.
squillman
- 37,618
- 10
- 90
- 145
-
2"Realm" is the kerberos terminology equivalent to domain. – davenpcj Oct 29 '10 at 20:43
0
Active directory is essentially a closely tied implementation of LDAP and Kerberos by microsoft, along with some customized tools and additional 'functionality' built on top. So it would be correct to say that kerberos is PART of a windows domain, but not that kerberos is equivalent to a windows domain.
Devnull
- 951
- 1
- 7
- 23