Current Kerberos realm at IU

The current Kerberos realm in use at Indiana University is named ADS.IU.EDU. This domain is provided by IU's Active Directory services on Windows Server operating systems. Any Kerberos-authenticated service can reside in this realm.

Kerberos should be used only for authentication, not authorization. Authentication confirms that users are who they say they are; authorization gives users permission to access resources. To allow only users from a particular campus to access a service, for example, you cannot rely on Kerberos alone. In other words, you can use the ADS.IU.EDU Kerberos realm to determine whether users are who they say they are, but use some other service to determine what those users are allowed to access, such as an Active Directory security group.

For more, see Active Directory security and distribution groups.

This is document alje in the Knowledge Base.
Last modified on 2020-10-30 16:41:34.