If you are using AD for JUST authentication and not user information,
you can use the PAM Kerberos stuff. We've been using it for a couple of
years from both CentOS/RHEL 4 and 5 systems with good results. It was
actually pretty easy to do (once we figured out which type of chicken
bones to burn).
You can use authconfig to turn it all on:
authconfig --enablekrb5 --krb5realm {AD domain name} \
--enbablekrb5kdcdns --enablekrb5realmdns --update
This will use DNS to locate the domain controller and KDC for the domain
given the AD domain name. You can manually specify the KDC and admin
servers too, see the authconfig man page for specific details.
If you want something perhaps more polished, you could look into the
Likewise products, which handle the whole shooting match pretty well
(http://www.likewise.com/products/likewise_open/). I've played with the
Open (free) version and it worked just fine, the Enterprise has more
features but I haven't played with it.
As always, YMMV.
--
Jay Leafey - Memphis, TN
jay.leafey at mindless.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3274 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20100209/1a96c2d9/attachment-0005.bin>