Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Inter-realm
Hierarchical Inter-realm Trust
Chapter 8256
NOTE Each intermediate realm has four keys if you are performing two-way
inter-realm authentication.
In the BAMBI.COM realm:
1. Using the Kerberos Server’s Administrator, add the
krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM principal, which allows
users in the FINANCE.JUNGLE.COM realm to authenticate with the
server in the BAMBI.COM realm.
Enable the same settings for the principal,
krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM, as used for the principal,
krbtgt/BAMBI.COM@FINANCE.JUNGLE.COM, in the local realm. Refer
to Step 1.1.
2. If the FINANCE.JUNGLE.COM realm also trusts the BAMBI.COM realm,
add the krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM principal, which
allows users in the BAMBI.COM realm to authenticate with the server
in the FINANCE.JUNGLE.COM realm.
3. Enable the same settings for this principal as for the first
krbtgt/FINANCE.JUNGLE.COM@BAMBI.COM, with the same settings
enabled as used for the principal in the local realm. Refer to Step 1.3.
4. Add the krbtgt/IT.JUNGLE.COM@BAMBI.COM principal, which allows
users in the BAMBI.COM realm to authenticate with the server in the
IT.JUNGLE.COM realm.
5. Enable the same settings for this principal as for the first
krbtgt/IT.JUNGLE.COM@BAMBI.COM, with the same settings enabled
as used for the principal in the local realm. Refer to Step 3.1.
6. If the BAMBI.COM realm also trusts the IT.JUNGLE.COM realm, add
the krbtgt/BAMBI.COM@IT.JUNGLE.COM principal, which allows
users in the IT.JUNGLE.COM realm to authenticate withthe Server in
the BAMBI.COM realm.
7. Enable the same settings for this principal as for the first
krbtgt/BAMBI.COM@IT.JUNGLE.COM, with the same settings enabled
as used for the principal in the local realm. Refer to Step 3.2.
8. Exit Administrator.