Managing Multiple Realms

Hierarchical Interrealm Trust

Step 7. Enable the same settings for this principal as for the first krbtgt/BAMBI.COM@IT.JUNGLE.COM principal, that is, the same settings used for the principal in the local realm. Refer to step 2 in “Configuring the Target Realm” on page 286.

Configuring the Target Realm

To configure the target realm, consider the intermediate realm as BAMBI.COM and the target realm as IT.JUNGLE.COM, and complete the following steps in the IT.JUNGLE.COM realm:

Step 1. Use the Kerberos administrative utility, HP Kerberos Administrator, to add the krbtgt/IT.JUNGLE.COM@BAMBI.COM principal, which allows users in the BAMBI.COM realm to authenticate with the server in the IT.JUNGLE.COM realm.

Enable the following settings for this principal:

Provide the same password that you used for krbtgt/IT.JUNGLE.COM@BAMBI.COM while configuring the intermediate realm.

Select all Allow attributes.

Clear all Require attributes.

Record the primary key type and salt type.

Record the password key version number.

Step 2. If the BAMBI.COM realm also trusts the IT.JUNGLE.COM realm, add the krbtgt/BAMBI.COM@IT.JUNGLE.COM principal, which allows users in the IT.JUNGLE.COM realm to authenticate with the server in the BAMBI.COM realm.
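The following added example (not part of the original manual or of HP Kerberos Server) compares the values these steps tell you to record for each cross-realm krbtgt principal on both sides and reports any mismatch. The record layout, the function names and the sample key type, salt type and version values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class KrbtgtRecord:      # hypothetical record of the values the steps say to write down
    principal: str
    key_type: str
    salt_type: str
    kvno: int            # password key version number

def trust_direction(principal):
    """krbtgt/TARGET@SOURCE lets users in SOURCE authenticate to servers in TARGET."""
    name, _, source = principal.rpartition("@")
    service, _, target = name.partition("/")
    if service != "krbtgt" or not source or not target:
        raise ValueError(f"not a cross-realm krbtgt principal: {principal}")
    return source, target

def check_trust(realm_a, records_a, realm_b, records_b):
    """Map each krbtgt principal linking the two realms to a list of problems."""
    by_a = {r.principal: r for r in records_a}
    by_b = {r.principal: r for r in records_b}
    report = {}
    for principal in sorted(set(by_a) | set(by_b)):
        if set(trust_direction(principal)) != {realm_a, realm_b}:
            continue  # principal belongs to a different realm pair
        a, b = by_a.get(principal), by_b.get(principal)
        problems = [f"missing in {realm}"
                    for realm, rec in ((realm_a, a), (realm_b, b)) if rec is None]
        if a is not None and b is not None:
            # Each realm stores its own copy of this principal, created from the
            # same password, so the recorded values must agree on both sides.
            for field in ("key_type", "salt_type", "kvno"):
                if getattr(a, field) != getattr(b, field):
                    problems.append(
                        f"{field} differs: {getattr(a, field)} vs {getattr(b, field)}")
        report[principal] = problems
    return report

# Constructed sample values; the second principal was re-keyed on one side only.
KT, ST = "aes256-cts-hmac-sha1-96", "normal"
BAMBI = [KrbtgtRecord("krbtgt/IT.JUNGLE.COM@BAMBI.COM", KT, ST, 1),
         KrbtgtRecord("krbtgt/BAMBI.COM@IT.JUNGLE.COM", KT, ST, 1)]
JUNGLE = [KrbtgtRecord("krbtgt/IT.JUNGLE.COM@BAMBI.COM", KT, ST, 1),
          KrbtgtRecord("krbtgt/BAMBI.COM@IT.JUNGLE.COM", KT, ST, 2)]

if __name__ == "__main__":
    for principal, problems in check_trust("BAMBI.COM", BAMBI, "IT.JUNGLE.COM", JUNGLE).items():
        print(principal, "OK" if not problems else "; ".join(problems))
```

An empty problem list for a principal means that trust direction has matching recorded values in both realms.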

286

Chapter 10