Microsoft adutil - FAQ

Microsoft adutil is the a CLI based utility designed to support Active Directory authentication on Linux \ SQL Server & Linux \ SQL Server Containers. 

This page is an FAQ on various questions

Some common terminology used in implementing adutil 

> NTLM (New Technology LAN Manager) – Propietery Microsoft authentication protocol.The NTLM protocol is an old authentication protocol with various vulnerabilities, which pose a security risk. It's based on a relatively weak cryptographic scheme and is vulnerable to various attacks. It's replaced with Kerberos, which is a lot more secure and recommended. NTLM authentication should only be used in a secure trusted environment, or when Kerberos can't be used.
> Kerberos – Ticket based authentication system. Principal of a trusted 3rd party. The other two partied being the user and the service that is the target for authentication. Read more on List the differences between Kerberos and NTLM
> SSSD - SQL Server uses SSSD and NSS for mapping user accounts and groups to security identifiers (SID's).
> SPN - A service principal name (SPN) is the name by which a client uniquely identifies an instance of a service.
> Keytab file- spns are maintained used to resolve when a Kerberos connection is made. There is also the principal user with hashed password used for internal SQL Server processes
When a connection is required to the AD publishes the ticket and the reconciled to keytab file. Password management

Read more on Kerberos,

How to debug Kerberos and LDAP for SQL Server