[Samba] Is kerberos authentication against AD possible without joining the domain?

[Les Mikesell]

On CentOS (and presumably RHEL), the authconfig tool can set up
kerberos authentication via PAM so that locally added users can be
authenticated at the shell/ssh level if the password they use succeeds
for the matching user name in Active Directory - and this works
without joining the linux box to the domain.   Now I'd like those
linux users to be able to map their home directories from a windows
box using that same password.   Is this possible without joining the
linux host to the active directory domain?  I don't care if they have
to re-enter the password instead of using their domain credentials
directly, I just don't want to have to maintain a local password on
the linux side for people who already exist in AD.   And I don't want
to join the domain.

-- 
    Les Mikesell
      lesmikesell at gmail.com