Filter
Top Products
Managing Multiple Realms
Hierarchical Interrealm Trust
Chapter 10 285
Configuring the Intermediate Realm
To configure the intermediate realm, consider the local realm as
FINANCE.JUNGLE.COM , the intermediate realm as BAMBI.COM , the target
realm as IT.JUNGLE.COM, and complete the following steps in the
BAMBI.COM realm:
Step 1. Use the Kerberos administrative utility, HP Kerberos Administrator, to
add the krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM principal, which
allows users in the FINANCE.JUNGLE.COM realm to authenticate with the
server in the BAMBI.COM realm.
Enable the same settings for the principal
krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM as used for the principal
krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM in the local realm.
NOTE Each intermediate realm has four keys if you are performing two-way
interrealm authentication.
Step 2. If the FINANCE.JUNGLE.COM realm also trusts the BAMBI.COM realm, add
the krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM principal, which allows
users in the BAMBI.COM realm to authenticate with the server in the
FINANCE.JUNGLE.COM realm.
Step 3. Enable the same settings for this principal as for the first
krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM principal, with the same
settings enabled as used for the principal in the local realm.
Step 4. Add the krbtgt/IT.JUNGLE.COM@BAMBI.COM principal, which allows
users in the BAMBI.COM realm to authenticate with the server in the
IT.JUNGLE.COM realm.
Step 5. Enable the same settings for this principal as for the first
krbtgt/IT.JUNGLE.COM@BAMBI.COM principal, with the same settings
enabled as used for the principal in the local realm.
Step 6. If the BAMBI.COM realm also trusts the IT.JUNGLE.COM realm, add the
krbtgt/BAMBI.COM@IT.JUNGLE.COM principal, which allows users in the
IT.JUNGLE.COM realm to authenticate with the server in the BAMBI.COM
realm.