At IU, what Kerberos realms are in use?

The current Kerberos realm in use at Indiana University is named ADS.IU.EDU. This domain is provided by Indiana University's Active Directory services on Windows Server operating systems. Any Kerberos-authenticated service can reside in this realm.

Restricting access to services by campus

Kerberos should be used only for authentication, not authorization. To allow only users from a particular campus to access a service, for example, you can't rely on Kerberos alone. In other words, you can use the ADS.IU.EDU Kerberos realm to determine whether users are who they say they are, but use some other service to determine what those users are allowed to access, such as an Active Directory security group.

For more, see In Microsoft Active Directory, what are security and distribution groups?

Related documents

This is document alje in the Knowledge Base.
Last modified on 2011-06-01 00:00:00.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.