Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Inter-realm
Hierarchical Inter-realm Trust
Chapter 8 253
VIBGYOR.INDIGO.COM now has a direct trust relationship established
with both RED.BLUE.COM and GREEN.YELLOW.COM. Hence, RED.BLUE.COM
can obtain an inter-realm ticket through the intermediate realm,
VIBGYOR.INDIGO.COM. The client in RED.BLUE.COM requests an
inter-realm ticket from VIBGYOR.INDIGO.COM and then uses that
ticket to contact GREEN.YELLOW.COM for a ticket to use a service in
the GREEN.YELLOW.COM realm.
Hierarchical Inter-realm Configuration
To configure realms to perform hierarchical inter-realm authentication,
the following steps are necessary in each realm (local realm,
intermediate realm(s), and target realm):
• Add an inter-realm principal (krbtgt/REALM2@REALM1) to the
  principal database to allow the local realm to authenticate with the
  intermediate realm and the intermediate realm to authenticate with
  another intermediate or the target realm.
• If you also want the intermediate or target realm to authenticate
  with the local realm or another intermediate realm (two-way), you
  must add a second inter-realm principal
  (krbtgt/REALM1@REALM2) to the database.
These actions are described in detail in the following sections. The
example configuration in this section uses the inter-realm authentication
principals shown in the figure below. The relationships are defined as
follows:
krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM allows the server in
BAMBI.COM to accept tickets from FINANCE.JUNGLE.COM
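The principal naming used in the configuration steps above, worked through as an added example (not part of the HP manual): it lists the inter-realm principals a chain of realms needs and checks in which direction a given set of principals permits authentication. The function names and the sample chain are assumptions made for illustration; the realm names are the ones used earlier on this page.

```python
from collections import deque

def required_principals(chain, two_way=False):
    """Principals needed for a chain of realms: local, intermediate(s), target."""
    needed = []
    for realm1, realm2 in zip(chain, chain[1:]):
        needed.append(f"krbtgt/{realm2}@{realm1}")      # realm1 -> realm2
        if two_way:
            needed.append(f"krbtgt/{realm1}@{realm2}")  # realm2 -> realm1
    return needed

def parse_trust(principal):
    """Split krbtgt/REALM2@REALM1 into the directed edge (REALM1, REALM2)."""
    name, _, realm1 = principal.rpartition("@")
    service, _, realm2 = name.partition("/")
    if service != "krbtgt" or not realm1 or not realm2:
        raise ValueError(f"not an inter-realm principal: {principal!r}")
    return realm1, realm2

def trust_path(principals, local, target):
    """Shortest chain of realms from local to target, or None if no path."""
    edges = {}
    for p in principals:
        realm1, realm2 = parse_trust(p)
        edges.setdefault(realm1, []).append(realm2)
    queue, seen = deque([[local]]), {local}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in edges.get(path[-1], []):
            if nxt not in seen:  # realm names are case-sensitive, so no folding
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

# Constructed input: the realms from the example above, one-way trust only.
CHAIN = ["RED.BLUE.COM", "VIBGYOR.INDIGO.COM", "GREEN.YELLOW.COM"]
ONE_WAY = required_principals(CHAIN)

if __name__ == "__main__":
    for p in ONE_WAY:
        print("add:", p)
    print("forward:", trust_path(ONE_WAY, CHAIN[0], CHAIN[-1]))
    print("reverse:", trust_path(ONE_WAY, CHAIN[-1], CHAIN[0]))  # one-way only
```

Running the same check against the principals actually present in each realm's database shows whether a trust intended to be one-way has a reverse path.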