conceptually understanding domains

Jeffrey Altman jaltman at
Fri May 4 13:26:51 EDT 2007

David Bear wrote:
> I've been trying to better understand the way Microsoft handles
> multiple domains in AD. Is it correct to say that each domain in AD is
> a true Kerberos realm? We have multiple domains and each principal
> identifier looks like a principal for a different realm.
> Sorry if this is trivial. I'm trying to better understand the
> architecture.
Each Active Directory domain is a Kerberos realm and all of the domains
in a Windows forest have a cross-realm transitive path permitting
Kerberos principals in one realm to obtain service tickets for entities
located within other realms in the domain forest.

Jeffrey Altman
Secure Endpoints Inc.
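
Added example, not part of the original message: a sketch of the transitive cross-realm path described in the reply, listing the cross-realm TGTs (`krbtgt/NEXT@CURRENT`) a client collects on its way to a service in another domain of the same forest. The forest layout and the principal `alice` are constructed, and the code assumes only parent-child trusts exist (no shortcut or external trusts).

```python
# Constructed forest: each realm maps to its parent realm (None = forest root).
# Assumption: only parent-child trusts exist, so the path runs up to the
# nearest common ancestor and back down.
FOREST = {
    "EXAMPLE.COM": None,
    "EU.EXAMPLE.COM": "EXAMPLE.COM",
    "US.EXAMPLE.COM": "EXAMPLE.COM",
    "ENG.US.EXAMPLE.COM": "US.EXAMPLE.COM",
}


def ancestors(realm, forest=FOREST):
    """Return [realm, parent, ..., root] for a realm in the forest."""
    if realm not in forest:
        raise KeyError(f"unknown realm: {realm}")
    chain = []
    while realm is not None:
        chain.append(realm)
        realm = forest[realm]
    return chain


def trust_path(client_realm, service_realm, forest=FOREST):
    """Realms traversed from the client's realm to the service's realm."""
    up = ancestors(client_realm, forest)
    down = ancestors(service_realm, forest)
    common = next((r for r in up if r in down), None)
    if common is None:
        # Two separate roots: no transitive path inside one forest.
        raise ValueError("realms do not share a trust path")
    return up[: up.index(common) + 1] + down[: down.index(common)][::-1]


def referral_tickets(client, service_realm, forest=FOREST):
    """Cross-realm TGTs the client must obtain, in order of issuance."""
    client_realm = client.split("@", 1)[1]
    path = trust_path(client_realm, service_realm, forest)
    # Each hop's KDC issues a TGT naming the next realm on the path.
    return [f"krbtgt/{nxt}@{cur}" for cur, nxt in zip(path, path[1:])]


if __name__ == "__main__":
    for ticket in referral_tickets("alice@ENG.US.EXAMPLE.COM", "EU.EXAMPLE.COM"):
        print(ticket)
```

The last ticket in the list is the one presented to the service realm's KDC to request the service ticket itself.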
