Kerberos Support

Perhaps surprisingly, Kerberos can be used to authenticate to Microsoft SQL Servers. [21] This affords single-signon (or, at most, double-signon) capability in non-Windows environment.

To take advantage of Kerberos you have to set up your machine with keytab [22] from your Active Directory. You could use Samba or configure Kerberos directly (/etc/krb5.conf). configure includes options to define the location of your Kerberos installation (cf. Options to configure).

By default UNIX does not initialize a Kerberos ticket with your login account. You must use kinit to initialize a ticket. You could also configure Kerberos in PAM to initialize a Kerberos ticket at login time.



[21] It works because much of Active Directory is based on Kerberos. From each according to his ability; to each according to his needs.

[22] No, the author does not really know what he's talking about.