Managing Multiple Realms
Considering a Trust Relationship
Hierarchical TrustIn interrealm authentication, hierarchical trust allows principals in one realm to access resources in another realm if there is a chain of trust established between the realms. The chain relies on a hierarchical realm naming scheme.
For example, IT.BAMBI.COM and DEER.JUNGLE.COM are child realms of their respective parent realms, BAMBI.COM and JUNGLE.COM. If both child realms have
To support hierarchical trust in Kerberos servers, you must have a realm hierarchy, where each realm has a direct relationship with a parent and potentially several children.
Other Types of TrustYou may choose to interoperate with other Kerberos implementations. HP Kerberos server, Microsoft Windows 2000, and MIT Kerberos servers provide Kerberos security solutions following the same IETF standard. HP Kerberos server can interoperate with these other solutions, which allows you to selectively deploy the platforms you choose to meet the needs of your company.
Fore more information on interoperability with Windows 2000, see
Chapter 4, “Interoperability with Windows 2000,” on page 51.
278 | Chapter 10 |