Linux & Active Directory authentication

Recently I have had the pleasure of working with Microsoft Active Directory. The goal is to get CentOS 4.4 to authenticate against Active Directory for ssh/mail/telnet etc. Below is a quick “howto” of sorts that deals with setting up the Linux side to authenticate against Active Directory.

Much to my surprise I found this process really simple and pretty effective. I’ve collected some thoughts on the advantages and disadvantages of using Kerberos on the Linux side to connect to Active Directory.

    Advantages:
    1. Streamlined authentication process
    2. Easy maintenance (two config files)
    3. Fall back to /etc/passwd
    4. Apache has a krb5/ldap module to do authentication that works against AD
    5. No need for LDAP or two/one way syncing
    6. Simple maintenance and setup
    Disadvantages:
    1. Requires user to be in /etc/passwd (no password needed)
    2. User shell/uid/gid are maintained from the Unix side
    3. If a user is removed from AD the user will need to be removed from the Linux side as well
