Filter
Top Products
Managing Multiple Realms
Considering a Trust Relationship
Chapter 10278
Hierarchical Trust
In interrealm authentication, hierarchical trust allows principals in one
realm to access resources in another realm if there is a chain of trust
established between the realms. The chain relies on a hierarchical realm
naming scheme.
For example, IT.BAMBI.COM and DEER.JUNGLE.COM are child realms of
their respective parent realms, BAMBI.COM and JUNGLE.COM. If both child
realms have two-way trust with the parent realm, and the two parent
realms have a direct trust link, IT.BAMBI.COM and DEER.JUNGLE.COM
can have hierarchical interrealm trust between them.
To support hierarchical trust in Kerberos servers, you must have a realm
hierarchy, where each realm has a direct relationship with a parent and
potentially several children.
Other Types of Trust
You may choose to interoperate with other Kerberos implementations.
HP Kerberos server, Microsoft Windows 2000, and MIT Kerberos servers
provide Kerberos security solutions following the same IETF standard.
HP Kerberos server can interoperate with these other solutions, which
allows you to selectively deploy the platforms you choose to meet the
needs of your company.
Fore more information on interoperability with Windows 2000, see
Chapter 4, “Interoperability with Windows 2000,” on page 51.