Inter-realm

Hierarchical Inter-realm Trust

Step 1. Steps for configuring the Local Realm

For these steps, the local realm is FINANCE.JUNGLE.COM and the intermediate realm is BAMBI.COM.

In the FINANCE.JUNGLE.COM realm:

1.Using the Kerberos Server’s Administrator in the FINANCE.JUNGLE.COM realm, add the krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM principal, which allows users in the FINANCE.JUNGLE.COM realm to authenticate with the server in the BAMBI.COM realm.

Enable the following settings for this principal:

Select all Allow attributes.

Clear all Require attributes.

Provide a password rather than a random key. Remember the password.

Record the primary key type and salt type.

Record the password key version number.

2.If the FINANCE.JUNGLE.COM realm also trusts the BAMBI.COM realm, add the krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM principal, which allows users in the BAMBI.COM realm to authenticate to the services in the FINANCE.JUNGLE.COM realm.

3.Enable the same settings for this principal as for the inter-realm principal, krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM, as mentioned in Step 2.1.

4.Exit Administrator.

Step 2. Steps for configuring the Intermediate Realm(s)

For these steps, the name of the local realm is FINANCE.JUNGLE.COM, the name of the intermediate realm is BAMBI.COM, and the name of the target realm is IT.JUNGLE.COM.

Chapter 8

255

Page 255
Image 255
HP UX Kerberos Data Security Software manual