Managing Multiple Realms
Hierarchical Interrealm Trust
Chapter 10286
Step 7. Enable the same settings for this principal as for the first
krbtgt/BAMBI.COM@IT.JUNGLE.COM principal, with the same settings
enabled as used for the principal in the local realm. Refer to step 2 in
“Configuring the Target Realm” on page 286.
Configuring the Target Realm
To configure the target realm, consider the intermediate realm as
BAMBI.COM , the target realm as IT.JUNGLE.COM and complete the
following steps in the IT.JUNGLE.COM realm:
Step 1. Use the Kerberos administrative utility, HP Kerberos Administrator, to
add the krbtgt/IT.JUNGLE.COM@BAMBI.COM principal, which allows
users in the BAMBI.COM realm to authenticate with the server in the
IT.JUNGLE.COM realm.
Enable the following settings for this principal:
• Provide the same password that you used for
krbtgt/IT.JUNGLE.COM@BAMBI.COM while configuring the
intermediate realm.
• Select all Allow attributes.
• Clear all Require attributes.
• Record the primary key type and salt type.
• Record the password key version number.
Step 2. If the BAMBI.COM realm also trusts the IT.JUNGLE.COM realm, add the
krbtgt/BAMBI.COM@IT.JUNGLE.COM principal, which allows users in the
IT.JUNGLE.COM realm to authenticate with the server in the BAMBI.COM
realm.
