Interoperability With Windows 2000
Single Realm (Domain) Authentication
Single Realm (Domain) Authentication
The simplest interoperability scenarios involve one or more client systems in a given realm or domain that authenticate to a single Key Distribution Center. There are two such interoperability scenarios that do not require
•Kerberos Server principals and Windows 2000 users can authenticate to a Kerberos Server and access services registered in that realm.
•Kerberos Server principals and Windows 2000 users can authenticate to a Windows 2000 domain controller and access services registered in that domain. Single realm authentication requires all Kerberos Server principals and Windows 2000 users to be entered in the same database, whether that is a principal database on an Kerberos Server or a Windows 2000 domain controller.
What is important to understand about single realm authentication is that principals can only access resources in their native realm. If a principal needs access to resources in a different realm, the administrator must configure
Chapter 4 | 57 |