Current Kerberos realm at IU

The current Kerberos realm in use at Indiana University is named ADS.IU.EDU. This domain is provided by Indiana University's Active Directory services on Windows Server operating systems. Any Kerberos-authenticated service can reside in this realm.

Restricting access to services by campus

Kerberos should be used only for authentication, not authorization. To allow only users from a particular campus to access a service, for example, you can't rely on Kerberos alone. In other words, you can use the ADS.IU.EDU Kerberos realm to determine whether users are who they say they are, but use some other service to determine what those users are allowed to access, such as an Active Directory security group.

For more, see Active Directory security and distribution groups.

This is document alje in the Knowledge Base.
Last modified on 2018-10-03 16:57:39.

Contact us

For help or to comment, email the UITS Support Center.