Managing Multiple Realms

Hierarchical Interrealm Trust

Configuring the Intermediate Realm

To configure the intermediate realm, consider the local realm as FINANCE.JUNGLE.COM, the intermediate realm as BAMBI.COM, the target realm as IT.JUNGLE.COM, and complete the following steps in the BAMBI.COM realm:

Step 1. Use the Kerberos administrative utility, HP Kerberos Administrator, to add the krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM principal, which allows users in the FINANCE.JUNGLE.COM realm to authenticate with the server in the BAMBI.COM realm.

Enable the same settings for the principal krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM as used for the principal krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM in the local realm.

NOTE: Each intermediate realm has four keys if you are performing two-way interrealm authentication.

Step 2. If the FINANCE.JUNGLE.COM realm also trusts the BAMBI.COM realm, add the krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM principal, which allows users in the BAMBI.COM realm to authenticate with the server in the FINANCE.JUNGLE.COM realm.

Step 3. Enable the same settings for this principal as for the first krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM principal, with the same settings enabled as used for the principal in the local realm.

Step 4. Add the krbtgt/IT.JUNGLE.COM@BAMBI.COM principal, which allows users in the BAMBI.COM realm to authenticate with the server in the IT.JUNGLE.COM realm.

Step 5. Enable the same settings for this principal as for the first krbtgt/IT.JUNGLE.COM@BAMBI.COM principal, with the same settings enabled as used for the principal in the local realm.

Step 6. If the BAMBI.COM realm also trusts the IT.JUNGLE.COM realm, add the krbtgt/BAMBI.COM@IT.JUNGLE.COM principal, which allows users in the IT.JUNGLE.COM realm to authenticate with the server in the BAMBI.COM realm.
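
The principal set that Steps 1 through 6 build up in the intermediate realm can be checked against a listing of that realm's principals. The following Python is an added example, not part of the HP documentation or tools; the function names and the sample listing are constructed for illustration, and it generalizes the steps to any intermediate realm on a longer trust path.

```python
# Added example: names below are illustrative, not part of the HP Kerberos tools.

def required_principals(path, index, two_way=False):
    """Cross-realm krbtgt principals that must exist in realm path[index].

    path is the ordered trust path, e.g. [local, intermediate, target].
    krbtgt/A@B is the key that lets users in realm B authenticate to realm A.
    """
    if not 0 < index < len(path) - 1:
        raise ValueError("index must point at an intermediate realm")
    prev_realm, realm, next_realm = path[index - 1], path[index], path[index + 1]
    needed = [
        f"krbtgt/{realm}@{prev_realm}",  # Step 1: previous realm's users reach this realm
        f"krbtgt/{next_realm}@{realm}",  # Step 4: this realm's users reach the next realm
    ]
    if two_way:
        needed += [
            f"krbtgt/{prev_realm}@{realm}",  # Step 2: reverse direction, first hop
            f"krbtgt/{realm}@{next_realm}",  # Step 6: reverse direction, second hop
        ]
    return needed


def missing_principals(listing, path, index, two_way=False):
    """Return required principals absent from a listing (one principal per line)."""
    present = {line.strip() for line in listing.splitlines() if line.strip()}
    # Realm names are case-sensitive in Kerberos, so compare exactly.
    return [p for p in required_principals(path, index, two_way) if p not in present]


PATH = ["FINANCE.JUNGLE.COM", "BAMBI.COM", "IT.JUNGLE.COM"]

# Constructed sample listing of the BAMBI.COM principal database.
# The last entry uses a lower-case realm on purpose: it does not satisfy Step 2.
SAMPLE_LISTING = """
krbtgt/BAMBI.COM@BAMBI.COM
krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM
krbtgt/IT.JUNGLE.COM@BAMBI.COM
krbtgt/finance.jungle.com@BAMBI.COM
"""

if __name__ == "__main__":
    for two_way in (False, True):
        gaps = missing_principals(SAMPLE_LISTING, PATH, 1, two_way)
        print("two-way" if two_way else "one-way", "missing:", gaps or "none")
```

With two_way=True the function returns the four keys mentioned in the NOTE above; a one-way path needs only the principals from Steps 1 and 4.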

Chapter 10
