Summary
Compared to other remote authentication tools, Kerberos is unusual:
it’s designed to manage logins across an entire network,
rather than logins to desktop computers. As such, it’s
best suited for environments in which users frequently use multiple
servers, with protocols such as Telnet or FTP. Kerberos configuration
requires setting up three classes of computer: the KDC, the application
servers, and the clients. All share certain features, such as the
krb5.conf file, but each has its own unique
features as well. As a cross-platform tool, Kerberos can
help integrate a network, but Microsoft’s non-standard
Kerberos implementation throws a monkey wrench into the equation.
Cross-platform Kerberos use works best with a Microsoft KDC (in the
form of an AD controller) and non-Microsoft application servers or
clients; using Microsoft application servers or clients with a
non-Microsoft KDC is trickier, although it’s still
possible, and sometimes worthwhile, for some purposes.