Hi, Directory developers, I've been organizing my interoperability documentation. I thought it made the most sense to start with a quick intro to Kerberos in today's typical enterprise. I think it's fair to say that most of our employers use Windows and thus, by default, Active Directory. So, we can explore "realm control" without setting up any servers, by using existing Active Directory sites.
I want to make two points: 1) Kerberos is alive and well. In fact, by being the authentication mechanism in Windows/Active Directory, it is a dominant protocol on corporate networks. Every time you log in to Windows or change your password, you are using Kerberos. To paraphrase a wise man, "Kerberos is everywhere, it is all around us, even now in this very room." 2) A test setup is at hand. Since server configuration can be complicated, the easiest way to experiment with Kerberos is to perform some basic exploration from a Linux client to an existing Active Directory install. Note that none of this exploration requires domain admin rights nor does it constitute any threat to your IT infrastructure. So, here's a draft of lesson #1. New static site: http://directory.apache.org/apacheds/1.0/kerberos-in-the-enterprise.html Cwiki, in case you have changes: http://cwiki.apache.org/confluence/display/DIRxSRVx10/Kerberos+in+the+Enterprise Enrique
