Kerberos throws a whole different monkey wrench in the mix. You could do it with a one-way forest trust where Domain B trusts Domain A's authentication, assuming the two domains are part of the same forest.

If they are not part of the same forest, you can create an external trust, but an external trust doesn't work with Kerberos (at least it didn't use to).

As for the specific requirements... There are a few, but I can't talk about them with much certainty off the top of my head. I'd recommend having a look through TechNet. IIRC there's a section of articles there on exactly this topic with pretty diagrams and everything.

Thanks,
Steve

On Tue, Mar 5, 2013 at 7:11 PM, Nathan Brandt <[email protected]> wrote:

> Steve,
>
> It is not only about authentication. For Windows Desktop SSO to work, Kerberos/NTLM tokens have to be passed around. My question is more related to that. You are right about authentication, I can just specify one or more AD servers in domain A (if it is a forest) in AREA configuration and authentication would work fine.
>
> ~Nathan
>
> On Wed, Mar 6, 2013 at 8:33 AM, Steve Kallestad <[email protected]> wrote:
>
>> The way you worded this reminds me entirely too much of the old MCSE exams. :)
>>
>> In actuality, you don't really need to do anything. You can configure AREA to authenticate from any given AD server, it does not need to reside in your domain.
>>
>> Thanks,
>> Steve
>>
>> On Tue, Mar 5, 2013 at 6:58 PM, Nathan Brandt <[email protected]> wrote:
>>
>>> Suppose I have a setup where all ARS users reside in domain A and AR Installation (mid-tier, AR Server and Db) are in domain B.
>>>
>>> In order to achieve SSO (Integrated Windows Authentication) for users in domain A against mid-tier in domain B what are the pre-requisites in terms of domain trusts?
>>>
>>> ~Nathan
>>> _ARSlist: "Where the Answers Are" and have been for 20 years_

UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"

