HP (Hewlett-Packard) E0905 Server User Manual


 
Interoperability with Windows 2000
Interrealm (Interdomain) Authentication
If two distinct realms share common keys, the realms trust one another.
With that trust in place, principals can securely access services in their
native realm as well as those in the trusted realm. HP calls this kind of
access interrealm authentication; Microsoft calls it inter-domain
authentication or cross-realm authentication.
The following are examples of interrealm interoperability scenarios:
• A Kerberos principal can authenticate to a Kerberos server and
  access services registered in its native realm and in trusted Windows
  2000 domains.
• A Kerberos principal can authenticate to a Windows 2000 domain
  controller and access services registered in its native domain and in
  trusted foreign domains or realms.
• A Windows 2000 principal can authenticate to a Kerberos server
  and access services registered in its native realm and in trusted
  foreign realms or domains.
• A Windows 2000 principal can authenticate to a Windows 2000 KDC
  and access services registered in its native domain and in trusted
  foreign domains or realms.
Interrealm authentication relies on secure authentication between users
and the KDC in a single realm. The shared interrealm key between
trusted KDCs provides the extra link to create a chain of trust that
allows a principal in one realm to authenticate to a service in a trusted
foreign realm.
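
The chain of trust described above can be followed step by step in a small model. This is an added example, not code from the HP manual or from any Kerberos implementation: the realm, user and service names are constructed, and tickets are modeled as HMAC-tagged JSON, whereas real Kerberos tickets are encrypted.

```python
import hashlib, hmac, json, os

def seal(key, body):
    """Toy ticket: HMAC-SHA256 tag + JSON body (integrity only; real tickets are encrypted)."""
    raw = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, raw, hashlib.sha256).digest() + raw

def unseal(key, ticket):
    tag, raw = ticket[:32], ticket[32:]
    if not hmac.compare_digest(tag, hmac.new(key, raw, hashlib.sha256).digest()):
        raise PermissionError("ticket was not sealed with the expected key")
    return json.loads(raw)

class KDC:
    def __init__(self, realm):
        self.realm = realm
        self.tgs_key = os.urandom(32)   # this realm's own ticket-granting key
        self.interrealm = {}            # trusted realm name -> shared interrealm key
        self.services = {}              # service principal -> service key

    def trust(self, other):
        """Install one shared interrealm key in both KDCs (two-way trust)."""
        self.interrealm[other.realm] = other.interrealm[self.realm] = os.urandom(32)

    def _key_for(self, realm):
        if realm == self.realm:
            return self.tgs_key
        if realm not in self.interrealm:
            raise PermissionError(f"no trust between {self.realm} and {realm}")
        return self.interrealm[realm]

    def login(self, user):
        # Stand-in for the initial exchange; user authentication is assumed done.
        return seal(self.tgs_key, {"client": f"{user}@{self.realm}", "realm": self.realm})

    def cross_realm_tgt(self, tgt, foreign):
        client = unseal(self.tgs_key, tgt)["client"]
        return seal(self._key_for(foreign), {"client": client, "realm": foreign})

    def service_ticket(self, tgt, service, issuer):
        body = unseal(self._key_for(issuer), tgt)   # issuer = realm that sealed the TGT
        if body["realm"] != self.realm:
            raise PermissionError("ticket was issued for a different realm")
        return seal(self.services[service], {"client": body["client"], "service": service})

def demo():
    # Constructed realm, user and service names.
    hp, win = KDC("HP.EXAMPLE"), KDC("WIN2K.EXAMPLE")
    win.services["host/files"] = os.urandom(32)
    hp.trust(win)
    xtgt = hp.cross_realm_tgt(hp.login("alice"), win.realm)
    ticket = win.service_ticket(xtgt, "host/files", issuer=hp.realm)
    return unseal(win.services["host/files"], ticket)["client"]
```

The foreign KDC never sees the user's own credentials; it accepts the request only because the cross-realm ticket verifies under the interrealm key it shares with the user's native KDC.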