Do zones have any impact on the Kerberos realm structure that AD uses? Are the UNIX systems segregated from a Kerberos perspective from the other clients in the forest?
A Centrify DirectControl zone is similar to an Active Directory domain or an NIS domain. Zones allow you to organize the computers in your organization in meaningful ways to simplify
system management and the migration of account information
Zones are nothing but simply a logical grouping of UNIX systems so that user’s local settings can be logically applied based on the Zone that a computer belongs to and the UNIX user’s profile defined for that particular Zone. Zones are not used for any part of the Kerberos environment, which is setup as a client to Active Directory where the AD Domain will control the Kerberos realm.