David Bear wrote: > I've been trying to better understand the way microsoft handles > multiple domains in AD. Is it correct to say that each domain in AD is > a true kerberos realm? We have multiple domains at each prinicpal > identifier lookes like a principal for a different realm. > > sorry if this is trivial. I'm trying to better understand the > architecture. > Each Active Directory domain is a Kerberos realm and all of the domains in a Windows forest have a cross-realm transitive path permitting Kerberos principals in one realm to obtain service tickets for entities located within other realms in the domain forest.
Jeffrey Altman Secure Endpoints Inc.
smime.p7s
Description: S/MIME Cryptographic Signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
