Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

Kerberos Realms

A realm is a logical network, similar to a domain, that defines a group of systems under the same master KDC. Figure 2–3 shows how realms can relate to one another. Some realms are hierarchical, where one realm is a superset of the other realm. Otherwise, the realms are nonhierarchical (or “direct”) and the mapping between the two realms must be defined. Kerberos cross-realm authentication enables authentication across realms. Each realm only needs to have a principal entry for the other realm in its KDC.

Figure 2-3  Kerberos Realms

image:Diagram shows the CORP.EXAMPLE.COM realm in a non-hierarchical relationship with SEAMCO.COM, and in a hierarchical relationship with EXAMPLE.COM.