Managing Multiple Realms
Hierarchical Interrealm Trust
Configuring the Intermediate Realm

To configure the intermediate realm, consider the local realm as FINANCE.JUNGLE.COM, the intermediate realm as BAMBI.COM, the target realm as IT.JUNGLE.COM, and complete the following steps in the BAMBI.COM realm:

Step 1. Use the Kerberos administrative utility, HP Kerberos Administrator, to add the krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM principal, which allows users in the FINANCE.JUNGLE.COM realm to authenticate with the server in the BAMBI.COM realm.

Enable the same settings for the principal krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM as used for the principal krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM in the local realm.

NOTE: Each intermediate realm has four keys if you are performing interrealm authentication.

Step 2. If the FINANCE.JUNGLE.COM realm also trusts the BAMBI.COM realm, add the krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM principal, which allows users in the BAMBI.COM realm to authenticate with the server in the FINANCE.JUNGLE.COM realm.

Step 3. Enable the same settings for this principal as for the first krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM principal, with the same settings enabled as used for the principal in the local realm.

Step 4. Add the krbtgt/IT.JUNGLE.COM@BAMBI.COM principal, which allows users in the BAMBI.COM realm to authenticate with the server in the IT.JUNGLE.COM realm.

Step 5. Enable the same settings for this principal as for the first krbtgt/IT.JUNGLE.COM@BAMBI.COM principal, with the same settings enabled as used for the principal in the local realm.

Step 6. If the BAMBI.COM realm also trusts the IT.JUNGLE.COM realm, add the krbtgt/BAMBI.COM@IT.JUNGLE.COM principal, which allows users in the IT.JUNGLE.COM realm to authenticate with the server in the BAMBI.COM realm.
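
The following added example (not part of the original manual or of HP's tools) derives the interrealm principals that the steps above place in each realm's database and audits a principal listing against them, flagging both missing keys and krbtgt entries that imply a trust nobody configured. The names Trust, required_principals, audit, TRUSTS and SAMPLE_LISTING are hypothetical, the listing is constructed, and the code assumes each interrealm principal is held by both realms it names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Trust:
    source: str    # realm whose users authenticate
    target: str    # realm whose servers they reach
    two_way: bool  # True if the target's users may also reach the source

def principal(source, target):
    """krbtgt/TARGET@SOURCE lets users in SOURCE authenticate to TARGET."""
    return f"krbtgt/{target}@{source}"

def required_principals(realm, trusts):
    """Interrealm principals that must exist in `realm`'s database."""
    needed = set()
    for t in trusts:
        if realm not in (t.source, t.target):
            continue  # this trust does not involve the realm
        needed.add(principal(t.source, t.target))
        if t.two_way:
            needed.add(principal(t.target, t.source))
    return needed

def audit(realm, trusts, present):
    """Return (missing, unexpected) interrealm principals for `realm`."""
    local_tgs = principal(realm, realm)  # the realm's own TGS key, not a trust
    have = {p for p in present if p.startswith("krbtgt/") and p != local_tgs}
    needed = required_principals(realm, trusts)
    return sorted(needed - have), sorted(have - needed)

# The hierarchy from the text, with both optional reverse trusts enabled.
TRUSTS = [
    Trust("FINANCE.JUNGLE.COM", "BAMBI.COM", two_way=True),
    Trust("BAMBI.COM", "IT.JUNGLE.COM", two_way=True),
]

# Constructed principal listing for BAMBI.COM: step 6 was skipped and one
# krbtgt entry points at a realm outside the trust model (EXAMPLE.TEST).
SAMPLE_LISTING = [
    "krbtgt/BAMBI.COM@BAMBI.COM",
    "krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM",
    "krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM",
    "krbtgt/IT.JUNGLE.COM@BAMBI.COM",
    "krbtgt/BAMBI.COM@EXAMPLE.TEST",
    "host/kdc1.bambi.com@BAMBI.COM",
]

if __name__ == "__main__":
    missing, unexpected = audit("BAMBI.COM", TRUSTS, SAMPLE_LISTING)
    print("missing:", missing)
    print("unexpected:", unexpected)
```

With both reverse trusts enabled, the intermediate realm ends up with the four keys mentioned in the NOTE; an entry reported as unexpected is an interrealm key that grants access outside the documented hierarchy and should be reviewed.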