Filter
Top Products
Propagating the Kerberos Server
Configuring Multirealm Enterprises
Chapter 9272
Configuring Multirealm Enterprises
When you support multiple realms, additional configuration steps are
required for both the security servers and clients. This section discusses
the servers requirements.
Number of Realms per Database
A single primary security server supports more than one realm. If you
have a centralized administration group that controls the security needs
of your enterprise, you can support all the realms on one primary
security server.
Alternatively, if you have distributed administration groups, you may
need to support a single realm for a single primary security server. This
arrangement has different configuration requirements.
If you are supporting only one realm per primary security server, you
must configure the server normally, and create the required trust
relationships, as described in “Configuring Direct Trust Relationships”
on page 279.
You must perform additional configuration tasks if you are supporting
more than one realm per primary security server.
primary security servers Supporting Multiple Realms
If you choose to support more than one realm in a database of a primary
security server, you must decide if all the secondary security servers also
support multiple realms. Alternatively, you can have different branches
of secondary security servers: one branch for each realm supported in the
principal database.
You can configure propagation to propagate only selected realms to a
secondary security server. With this propagation configuration, you can
maximize the benefits of creating multiple security boundaries in your
enterprise. In the event that an authentication server in one branch is
compromised, database information about other branches is still secure.