> My problem lies in connecting VM Kerberos to Windows Active > Directory. I think all I have to do is change KRB CONF to the > appropriate values and it should work. It appears that when > Microsoft adapted Kerberos for use in Active Directory, that > they renamed EVERYTHING, so that the VM Kerberos instructions > mean nothing to our Windows guys.
VM's Kerberos support is based on Kerberos version 4 (and a REALLY ancient version of K4 at that). AD is based on Kerberos version 5. K4 is not upward compatible with K5. You'll need a system supporting k42k5d (such as a Linux guest running Heimdal or a similar widget) to provide K4->K5 translation support. If you google for setting up Heimdal for use with OpenAFS, you'll find a cookbook to configuring k42k5d (older versions of OpenAFS required K4 support; recent versions are K5-clean) to supply translation services. Once that's done, then you can update KRB CONF as documented in the VM TCPIP planning guide to point to the guest running Heimdal, and you should be able to acquire tickets. It is possible (if extraordinarily tedious) to build MIT Kerberos 5 sources on CMS if you have the VM C/C++ compiler installed, but the process is very long and involved. If you're really interested, contact me offline and we can discuss it further.
