I would like to set up a Kerberos server to authenticate users on our various Linux servers. However, the network that the Kerberos server will be on already has a Windows 2k3 domain controller on it. Is there any way that this Kerberos server can interfere with the DC? We do not wish to have the Linux machines authenticate to the DC because of security concerns.
I have set the realm to be different from the Windows domain. However, the DNS domains are the same for both. Is that all that is necessary for the two to play nice?
AFAIK, there's no broadcast-based name resolution or other silliness in Kerberos that should cause any "interference". So long as you're using a different realm for the Linux machines all should be good.
The only time it should even come close to mattering is if both AD and the Linux servers share the same DNS domain. In that case, the /etc/krb config files require you to specify which KDC to talk to. In that case, don't point it at the AD servers and instead point it at the KDC you set up for your Linux servers.
However, you've set the realm different than the AD servers so even this shouldn't be an issue. You're fine!
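A client configuration matching the advice above, as an added example that is not part of the original answers. It assumes the MIT Kerberos client file `/etc/krb5.conf`; the DNS domain `example.com`, the realm `LINUX.EXAMPLE.COM` and all host names are placeholders.

```ini
# /etc/krb5.conf on each Linux server (constructed example, placeholder names).
# Assumed layout: AD and the Linux servers share the DNS domain example.com,
# the Linux realm is LINUX.EXAMPLE.COM and its KDC is kdc1.example.com.

[libdefaults]
    default_realm = LINUX.EXAMPLE.COM
    # Use only the KDCs listed under [realms]; do not discover KDCs or
    # realms through DNS records in the shared domain.
    dns_lookup_kdc = false
    dns_lookup_realm = false

[realms]
    LINUX.EXAMPLE.COM = {
        # The KDC set up for the Linux servers, not the AD domain controller.
        kdc = kdc1.example.com
        admin_server = kdc1.example.com
    }

[domain_realm]
    # Map the Linux hosts to the Linux realm explicitly. Without an entry,
    # a host's realm defaults to its DNS domain in upper case, which in a
    # shared DNS domain may be the AD realm's name.
    linux01.example.com = LINUX.EXAMPLE.COM
    linux02.example.com = LINUX.EXAMPLE.COM
```

Running `kinit` for a test principal and then `klist` on a Linux server shows which realm issued the ticket.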
You can try using open source www.likewise.com for AD and LDAP all passwd.