Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Inter-realm
Hierarchical Inter-realm Trust
Chapter 8 255
Step 1. Steps for configuring the Local Realm
For these steps, the local realm is FINANCE.JUNGLE.COM and the
intermediate realm is BAMBI.COM.
In the FINANCE.JUNGLE.COM realm:
1. Using the Kerberos Server’s Administrator in the
FINANCE.JUNGLE.COM realm, add the
krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM principal, which allows
users in the FINANCE.JUNGLE.COM realm to authenticate with the
server in the BAMBI.COM realm.
Enable the following settings for this principal:
• Select all Allow attributes.
• Clear all Require attributes.
• Provide a password rather than a random key. Remember the
password.
• Record the primary key type and salt type.
• Record the password key version number.
2. If the FINANCE.JUNGLE.COM realm also trusts the BAMBI.COM realm,
add the krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM principal, which
allows users in the BAMBI.COM realm to authenticate to the services
in the FINANCE.JUNGLE.COM realm.
3. Enable the same settings for this principal as for the inter-realm
principal, krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM, as mentioned
in Step 2.1.
4. Exit Administrator.
Step 2. Steps for configuring the Intermediate Realm(s)
For these steps, the name of the local realm is FINANCE.JUNGLE.COM, the
name of the intermediate realm is BAMBI.COM, and the name of the
target realm is IT.JUNGLE.COM.