You want to integrate your existing MIT Kerberos infrastructure with Active Directory.
Integrating MIT Kerberos with Active Directory typically means setting up a trust between an Active Directory domain and your MIT Kerberos realm. Creating a trust between a domain and realm is the first step toward Kerberos interoperability. It will allow users to access resources in either the AD domain or Kerberos realm. Here are the steps to create the trust:
What I've shown here is just the tip of the iceberg. You may need to configure service principals, create account mappings, create host principals, and tweak the krb5.conf configuration file on your MIT KDCs to accomplish full integration in your environment. Providing details on how to do all of that is beyond the scope of this book, but a great resource on Kerberos is O'Reilly's Kerberos: The Definitive Guide, which covers all the ins and outs of the Kerberos protocol and interoperability with Active Directory. Also, there are some good resources on the Web, which I've listed here:
18.7.4 See Also
MS KB 217098 (Basic Overview of Kerberos User Authentication Protocol in Windows 2000), MS KB 230476 (Description of Common Kerberos-Related Errors in Windows 2000), MS KB 248758 (Information About the Windows 2000 Kerberos Implementation), MS KB 324143 (HOW TO: Use the Kerberos Setup Tool (Ksetup.exe)), and MS KB 810755 (White Paper: Windows 2000 Kerberos Interoperability and Authentication)