Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Inter-realm

Considering Trust Relationships

Chapter 8246

In simple terms, if Harry trusts Sally with his secrets, and Sally trusts

Harry with her secrets, Harry and Sally have a two-way trust

relationship between them.

Hierarchical Trust

In inter-realm authentication, hierarchical trust allows principals in one

realm to access resources in another realm if there is a chain of trust

established between the realms. The chain relies on a hierarchical realm

naming scheme.

For example, IT.BAMBI.COM and DEER.JUNGLE.COM are child realms of

their respective parent realms, BAMBI.COM and JUNGLE.COM. If both child

realms have two-way trust with the parent realm, and the two parent

realms have a direct trust link, then IT.BAMBI.COM and

DEER.JUNGLE.COM can have hierarchical inter-realm trust between them.

To support hierarchical trust in Kerberos Servers, you must have a

realm hierarchy, where each realm has a direct relationship with a

parent and potentially several children.

Other Types Of Trust

You may choose to interoperate with other Kerberos implementations.

HP’s Kerberos Server, Microsoft Windows 2000, and MIT Kerberos

Servers provide Kerberos security solutions following the same IETF

standard. HP’s Kerberos Server can interoperate with these other

solutions,which allows you to selectively deploy the platforms you choose

to meet the needs of your company.

Information on interoperability with Windows 2000 is provided in

Chapter 4, “Interoperability With Windows 2000,” on page 49.