A realm is a logical network, similar to a domain, that defines a group of systems under the same master KDC. Figure 2–3 shows how realms can relate to one another. Some realms are hierarchical, where one realm is a superset of the other realm. Otherwise, the realms are nonhierarchical (or “direct”) and the mapping between the two realms must be defined. Kerberos cross-realm authentication enables authentication across realms. Each realm only needs to have a principal entry for the other realm in its KDC.
Figure 2-3 Kerberos Realms