System Administration Guide: Security Services

Kerberos Realms

A realm is a logical network, similar to a domain, that defines a group of systems under the same master KDC. Figure 21–3 shows how realms can relate to one another. Some realms are hierarchical, where one realm is a superset of the other realm. Otherwise, the realms are nonhierarchical (or “direct”) and the mapping between the two realms must be defined. The Kerberos service permits authentication across realms, a feature called cross-realm authentication. Each realm needs only a principal entry for the other realm in its KDC.

Figure 21–3 Kerberos Realms

Diagram shows the ENG.EXAMPLE.COM realm in a nonhierarchical relationship with SEAMCO.COM, and in a hierarchical relationship with EXAMPLE.COM.
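
The following Python example is added here and is not part of the original guide. It takes the realm names from Figure 21–3, classifies a pair as hierarchical or direct, and lists the cross-realm principal entries and the krb5.conf [capaths] mapping that the pair would need. The function names, the test for hierarchy by realm-name suffix, and the two-way trust are assumptions of this example.

```python
"""Plan cross-realm entries for a pair of Kerberos realms (added example)."""

def _ancestors(realm):
    """A.B.C -> [A.B.C, B.C, C]: the realm followed by each dotted parent."""
    labels = realm.upper().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def realm_path(src, dst):
    """Return (kind, path). Assumption: a realm is hierarchical to another when
    its name is a dotted parent of it; every other pair is a direct mapping."""
    src, dst = src.upper(), dst.upper()
    if src == dst:
        raise ValueError("same realm: nothing to map")
    up, down = _ancestors(src), _ancestors(dst)
    if dst in up:        # dst is above src: walk up one level at a time
        return "hierarchical", up[:up.index(dst) + 1]
    if src in down:      # src is above dst: same walk, reversed
        return "hierarchical", down[:down.index(src) + 1][::-1]
    return "direct", [src, dst]

def krbtgt_principals(path):
    """krbtgt/B@A lets principals in realm A obtain tickets for realm B.
    Assumption: trust is two-way, so both directions are listed per hop."""
    names = []
    for a, b in zip(path, path[1:]):
        names += [f"krbtgt/{b}@{a}", f"krbtgt/{a}@{b}"]
    return names

def capaths(kind, path):
    """krb5.conf [capaths] text for a direct pair; '.' means no intermediate
    realm. Hierarchical pairs need no explicit mapping, so return ''."""
    if kind != "direct":
        return ""
    a, b = path
    return (f"[capaths]\n    {a} = {{\n        {b} = .\n    }}\n"
            f"    {b} = {{\n        {a} = .\n    }}\n")

if __name__ == "__main__":
    # Realm names taken from Figure 21-3.
    for src, dst in [("ENG.EXAMPLE.COM", "EXAMPLE.COM"),
                     ("ENG.EXAMPLE.COM", "SEAMCO.COM")]:
        kind, path = realm_path(src, dst)
        print(f"{kind}: {' -> '.join(path)}")
        for name in krbtgt_principals(path):
            print(f"  {name}")
        print(capaths(kind, path), end="")
```

Each listed krbtgt principal has to exist in both KDCs of its hop with the same key, which is why the plan is worth reviewing before any entry is created.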