Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Interoperability With Windows 2000
Single Realm (Domain) Authentication
Chapter 4 57
Single Realm (Domain) Authentication
The simplest interoperability scenarios involve one or more client
systems in a given realm or domain that authenticate to a single Key
Distribution Center. There are two such interoperability scenarios that
do not require inter-realm authentication:
• Kerberos Server principals and Windows 2000 users can
authenticate to a Kerberos Server and access services registered in
that realm.
• Kerberos Server principals and Windows 2000 users can
authenticate to a Windows 2000 domain controller and access
services registered in that domain. Single realm authentication
requires all Kerberos Server principals and Windows 2000 users to
be entered in the same database, whether that is a principal
database on an Kerberos Server or a Windows 2000 domain
controller.
What is important to understand about single realm authentication is
that principals can only access resources in their native realm. If a
principal needs access to resources in a different realm, the
administrator must configure inter-realm authentication.