Originally Posted by Juako
look at pam.krb5, you can use kerberos directly to authenticate to the windows domain, no need for joining. That said, it does have a lot of advantages to have your servers fully joined, specially if you offer services to windows clients.
Thanks - I got sidetracked with some other pressing things that came up.
That said, I was able to authenticate with kerberos and check with klist. Had some issues with pam configuration, but hopefully I should be able to work those out.
I had some previous experience with kerberos, but that needeed the machine joined to the domain. Probably because it was delegating the authroization for a database. I didn't join the machine here and kerberos worked great - thanks for pointing me in the right direction!