I would like to set up a Kerberos server to authenticate users on our various Linux servers. However, the network that the Kerberos server will be on already has a Windows 2k3 domain controller on it. Is there any way that this Kerberos server can interfere with the DC? We do not wish to have the Linux machines authenticate to the DC because of security concerns.

I have set the realm to be different from the Windows domain. However, the DNS domains are the same for both. Is that all that is necessary for the two to play nice?


3 Answers


AFAIK, there's no broadcast-based name resolution or other silliness in Kerberos that should cause any "interference". So long as you're using a different realm for the Linux machines all should be good.

Evan Anderson

The only time it should even come close to mattering is if both AD and the Linux servers share the same DNS domain. In that case, the /etc/krb config files require you to specify which KDC to talk to. In that case, don't point it at the AD servers and instead point it at the KDC you set up for your Linux servers.

However, you've set the realm different than the AD servers so even this shouldn't be an issue. You're fine!

  • Well, this brings up another point. The two are using the same DNS domain (xyz.com). The AD uses xyz.com as the Domain. I've set up the Kerberos to use XYZ.LOCAL for the realm. Can this cause problems? – Swoogan Jun 26 '09 at 17:27
  • So long as the realms are different (in AD realm=DNS) you're fine. – sysadmin1138 Jun 26 '09 at 17:29
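
A client-side `krb5.conf` for the setup described in this thread (realm XYZ.LOCAL, hosts in the DNS domain xyz.com), as an added example that is not from any of the posters. It assumes MIT Kerberos on the Linux machines, and the KDC host name `kdc1.xyz.com` is a placeholder. The explicit `[domain_realm]` mapping is included because, without one, MIT Kerberos can fall back to treating the upper-cased DNS domain (XYZ.COM, the AD realm here) as a host's realm.

```ini
# /etc/krb5.conf on the Linux clients (MIT Kerberos syntax assumed).
# Comments must be on their own lines; the parser does not strip
# trailing comments from values.

[libdefaults]
    # Realm of the Linux KDC, deliberately different from the AD realm XYZ.COM.
    default_realm = XYZ.LOCAL
    # Use only the KDCs listed under [realms]; do not discover KDCs
    # through DNS SRV records or realms through DNS TXT records in the
    # zone that is shared with AD.
    dns_lookup_kdc = false
    dns_lookup_realm = false

[realms]
    XYZ.LOCAL = {
        # Placeholder host name: the Linux KDC, never the Windows DC.
        kdc = kdc1.xyz.com
        admin_server = kdc1.xyz.com
    }
    # No XYZ.COM stanza: these clients are not meant to talk to AD.

[domain_realm]
    # Hosts in the shared DNS domain belong to the Linux realm.
    .xyz.com = XYZ.LOCAL
    xyz.com = XYZ.LOCAL
```

With this mapping, service tickets for hosts under xyz.com are requested from XYZ.LOCAL, so these clients will not obtain Kerberos tickets for AD-joined services in the same DNS domain.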

You can try using open source www.likewise.com for AD and LDAP all passwd.
