What is cross-realm authentication?
Any Kerberos principal can authenticate to other principals within the same Kerberos realm. However, it is also possible to configure a Kerberos realm so principals in one realm can authenticate to principals in another realm. This is called cross-realm authentication. The way this is implemented is the KDCs in the two realms share a special cross-realm secret, and this secret is used to prove the identity of principals when crossing the boundary between realms. Kerberos 5 supports an additional variant of this called transitive cross-realm authentication. In traditional cross-realm authentication, each pair of realms that wish to authenticate need to share a cross-realm secret.
Any Kerberos principal can authenticate to other principals within the sameKerberos realm. However, it is also possible to configure a Kerberos realmso principals in one realm can authenticate to principals in another realm.This is called cross-realm authentication.The way this is implemented is the KDCs in the two realms share a specialcross-realm secret, and this secret is used to prove the identity ofprincipals when crossing the boundary between realms.Kerberos 5 supports an additional variant of this called transitivecross-realm authentication. In traditional cross-realm authentication, eachpair of realms that wish to authenticate need to share a cross-realm secret.This means in a group of N realms, 2 * ((N – 1) ** 2) secrets will need tobe exchanged in order to cover all possible cross-realm authenticationpaths.In transitive cross-realm authentication you can define a path of realmsconnected via cross-realm secrets and use this path to “hop” between realmsuntil you get credentials
Any Kerberos principal can authenticate to other principals within the same Kerberos realm. However, it is also possible to configure a Kerberos realm so principals in one realm can authenticate to principals in another realm. This is called cross-realm authentication. The way this is implemented is the KDCs in the two realms share a special cross-realm secret, and this secret is used to prove the identity of principals when crossing the boundary between realms. Kerberos 5 supports an additional variant of this called transitive cross-realm authentication. In traditional cross-realm authentication, each pair of realms that wish to authenticate need to share a cross-realm secret. This means in a group of N realms, 2 * ((N – 1) ** 2) secrets will need to be exchanged in order to cover all possible cross-realm authentication paths. In transitive cross-realm authentication you can define a path of realms connected via cross-realm secrets and use this path to “hop” between realms until you
