DOMAIN JOINED VIRTUAL NAMES ON DOMAINLESS SERVERS

Services from domainless machines are made available in a security domain under a virtual name. Each machine is not joined to the domain but can reach a security domain controller. The controller controls at least one security domain using an authentication protocol, such as a modified Kerberos protocol. One obtains a set of security domain credentials, generates a cluster name secret, gives the cluster a virtual name, and authenticates the machines to the domain controller using these items. In some cases, authentication uses a ticket-based protocol which accepts the cluster name secret in place of a proof of valid security domain membership. In some, the domain controller uses a directory service which is compatible with an active directory service; the cluster virtual name is provisioned as an account in the directory service. The cluster virtual name may concurrently serve clients on different security domains of the directory service. 使来自无域机器的服务在虚拟名称下在安全域中可用。每个机器未被加入域，但是可以到达安全域控制器。控制器使用诸如修改的Kerberos协议的认证