Filter
Top Products
Managing Multiple Realms
Hierarchical Interrealm Trust
Chapter 10284
For interrealm authentication in the other direction, two-way
hierarchical interrealm authentication, you must also add these
principals:
• krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM allows the server in
FINANCE.JUNGLE.COM to accept tickets from BAMBI.COM.
• krbtgt/BAMBI.COM@IT.JUNGLE.COM allows the server in BAMBI.COM
to accept tickets from IT.JUNGLE.COM.
Configuring the Local Realm
To configure the local realm, consider the local realm as
FINANCE.JUNGLE.COM and the intermediate realm as BAMBI.COM and
complete the following steps in the FINANCE.JUNGLE.COM realm:
Step 1. Use the Kerberos administrative utility, HP Kerberos Administrator, in
the FINANCE.JUNGLE.COM realm, and add the
krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM principal, which allows users
in the FINANCE.JUNGLE.COM realm to authenticate with the server in the
BAMBI.COM realm.
Enable the following settings for this principal:
• Select all the Allow attributes.
• Clear all the Require attributes.
• Provide a password rather than a random key and remember the
password.
• Record the primary key type and salt type.
• Record the password key version number.
Step 2. If the FINANCE.JUNGLE.COM realm also trusts the BAMBI.COM realm, add
the krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM principal, which allows
users in the BAMBI.COM realm to authenticate to the services in the
FINANCE.JUNGLE.COM realm.
Step 3. Enable the same settings for this principal as for the interrealm
principal, krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM, as mentioned in
step 1 in the procedure for configuring the intermediate realm.