HP (Hewlett-Packard) E0905 Server User Manual


 
Chapter 10: Managing Multiple Realms
Considering a Trust Relationship
You can establish a multiple-realm environment within your enterprise.
Whatever the reason for doing so, if principals in one realm need access
to secured services supported in a different realm, you must establish a
trust relationship between the realms.
When two distinct realms share secret keys, the two realms are said to
trust each other. With that trust in place, principals can securely
access services in their native realm as well as those in the trusted
foreign realm.
Interrealm authentication builds on secure authentication between users
and the security server in a single realm. The interrealm key shared
between trusted servers provides the extra link to create a chain of
trust that allows a principal in one realm to authenticate to a service
in a trusted foreign realm. To establish a trust relationship,
administrators for both realms must have an agreement.
You can configure your Kerberos servers for interrealm authentication
based on one-way trust, two-way trust, or hierarchical trust.
One-Way Trust
In interrealm authentication, one-way trust authenticates principals in a
realm (Q) to the services in another realm (S), but prevents principals in
the realm S from accessing services in the realm Q.
In simple terms, if Harry trusts Sally with his secrets, but Sally does not
trust Harry with her secrets, Harry and Sally have a one-way trust
relationship between them.
Two-Way Trust
In interrealm authentication, two-way trust authenticates principals in
a realm (Q) to the services in another realm (S), and principals in the
realm S to the services in the realm Q.
In simpler terms, if Harry trusts Sally with his secrets, and Sally trusts
Harry with her secrets, Harry and Sally have a two-way trust
relationship between them.
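
The direction of a trust decides which shared interrealm keys must exist. The following sketch is an added example, not taken from this manual: it models trusts as a directed graph, lists the cross-realm principal each direction needs under the standard RFC 4120 krbtgt/<service realm>@<client realm> naming, and checks reachability. The realm names, the TrustMap class and the assumption that an intermediate realm permits transit are all hypothetical.

```python
from collections import deque

def cross_realm_principal(client_realm, service_realm):
    # RFC 4120 naming: the key shared by both KDCs lives under this principal.
    return f"krbtgt/{service_realm}@{client_realm}"

class TrustMap:
    """Directed graph: an edge Q -> S means principals in Q may reach services in S."""

    def __init__(self):
        self.edges = {}

    def add_one_way(self, client_realm, service_realm):
        self.edges.setdefault(client_realm, set()).add(service_realm)
        return [cross_realm_principal(client_realm, service_realm)]

    def add_two_way(self, realm_a, realm_b):
        return self.add_one_way(realm_a, realm_b) + self.add_one_way(realm_b, realm_a)

    def trust_path(self, client_realm, service_realm):
        """Shortest chain of realms from client to service, or None if no trust exists."""
        queue = deque([[client_realm]])
        seen = {client_realm}
        while queue:
            path = queue.popleft()
            if path[-1] == service_realm:
                return path
            # Assumption: every intermediate realm allows transit to its trusted realms.
            for nxt in sorted(self.edges.get(path[-1], ())):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
        return None

# Constructed realm names standing in for the manual's realms Q and S.
Q, S, T = "Q.EXAMPLE.COM", "S.EXAMPLE.COM", "T.EXAMPLE.COM"

def demo():
    one_way = TrustMap()
    keys = one_way.add_one_way(Q, S)      # Q principals -> S services only
    two_way = TrustMap()
    two_way.add_two_way(Q, S)             # both directions, two shared keys
    chained = TrustMap()
    chained.add_one_way(Q, S)
    chained.add_one_way(S, T)             # chain of trust through S
    return keys, one_way, two_way, chained

if __name__ == "__main__":
    keys, one_way, two_way, chained = demo()
    print(keys, one_way.trust_path(Q, S), one_way.trust_path(S, Q))
    print(two_way.trust_path(S, Q), chained.trust_path(Q, T))
```

When reviewing a realm, the absence of the reverse principal is what keeps a one-way trust one-way, so an unexpected krbtgt/Q@S entry is worth investigating.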