You can use raw pam_ldap + pam_krb5 to enact AD integration with Linux. I have done this (even implemented SASL bindings) and it works. But it seems quite fragile. If you're a hobbyist, or on a shoe-string subject -- this is the way to go.
But if you're in charge of an enterprise env, I'd recommend you going with one of the major players to do this: Centrify, Likewise or Quest (VAS).
They can handle cross-domain authentication, one-way trusts, cross-forest authentication from an untrusted domain and other complex scenarios. Also, they have the smart engineers on staff that know Kerberos inside and out.
Spike
|