conceptually understanding domains
Jeffrey Altman
jaltman at secure-endpoints.com
Fri May 4 13:26:51 EDT 2007
David Bear wrote:
> I've been trying to better understand the way microsoft handles
> multiple domains in AD. Is it correct to say that each domain in AD is
> a true kerberos realm? We have multiple domains at each prinicpal
> identifier lookes like a principal for a different realm.
>
> sorry if this is trivial. I'm trying to better understand the
> architecture.
>
Each Active Directory domain is a Kerberos realm and all of the domains
in a Windows forest have a cross-realm transitive path permitting
Kerberos principals in one realm to obtain service tickets for entities
located within other realms in the domain forest.
Jeffrey Altman
Secure Endpoints Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20070504/e934fac5/attachment.bin
More information about the Kerberos
mailing list