Configuring Kerberos against Windows Server Kerberos Service

Several methods are available for configuring Kerberos against Windows Server Kerberos Service.

The Kerberos authentication-only module in KRB5 can be used as the authentication part of a compound load module. During configuration, the user specifies the Kerberos environment for the load module. The KRB5 load module enables Kerberos as an alternative method for authenticating against the Windows 2000 or Windows 2003 Server Kerberos Service.

The AIX BUILTIN pseudo-load module provides access to the security library functions. It can be combined with authentication-only load modules to provide the database part of a compound load module, and it also provides legacy user and group storage and file-system access. The LDAP load module can also be used as the database part of a compound load module.
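The following added example (not from the original page or from IBM) audits a stanza-format configuration to confirm that each compound load module pairs an authentication-only KRB5 part with a BUILTIN or LDAP database part. The stanza names, the `options` attribute and the `authonly`, `auth=` and `db=` keywords are assumptions modeled on AIX `methods.cfg` conventions, and the sample text is constructed.

```python
# Constructed sample in AIX stanza format; stanza names and options are assumptions.
SAMPLE = """\
KRB5:
        options = authonly
KRB5files:
        options = db=BUILTIN,auth=KRB5
KRB5LDAP:
        options = auth=KRB5,db=LDAP
BADfiles:
        options = db=BUILTIN,auth=NOSUCH
"""
ALLOWED_DB = {"BUILTIN", "LDAP"}  # database parts named on the page


def parse_stanzas(text):
    """Return {stanza: {attribute: value}} from stanza-format text."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("*"):   # blank line or comment
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas


def options(stanzas, name):  # comma-separated options attribute as a list
    raw = stanzas.get(name, {}).get("options", "")
    return [o.strip() for o in raw.split(",") if o.strip()]


def audit(stanzas):
    """Return {compound stanza: [problems]} for stanzas that set auth= or db=."""
    report = {}
    for name in stanzas:
        parts = dict(o.split("=", 1) for o in options(stanzas, name) if "=" in o)
        if not parts.keys() & {"auth", "db"}:
            continue                           # not a compound load module
        auth, db, problems = parts.get("auth"), parts.get("db"), []
        if auth not in stanzas:
            problems.append(f"auth module {auth!r} is not defined")
        elif "authonly" not in options(stanzas, auth):
            problems.append(f"{auth} is not marked authonly")
        if db not in ALLOWED_DB:
            problems.append(f"db part {db!r} is not BUILTIN or LDAP")
        report[name] = problems
    return report
```

Calling `audit(parse_stanzas(SAMPLE))` returns an empty problem list for `KRB5files` and `KRB5LDAP` and flags `BADfiles` for referencing an undefined authentication module.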

Unlike the other Kerberos environment, which authenticates against NAS on an AIX system, this environment does not provide Kerberos principal management. The KRB5 load module can be used in an environment where Kerberos principals are stored on a non-AIX system and cannot be managed from the AIX operating system by using the kadmin Kerberos-database interface. Kerberos principal management is performed separately with Kerberos principal-management tools. These tools might be part of a Kerberos product developed by software vendors or integrated into an operating system such as Windows 2000.