Interoperability with Windows 2000
Single Realm (Domain) Authentication
Chapter 458
Single Realm (Domain) Authentication
Single realm interoperability scenarios involve one or more client
systems in a given realm or domain that authenticate to a single KDC.
Following are the interoperability scenarios that do not require
interrealm authentication:
• Kerberos server principals and Windows 2000 users can
authenticate to a Kerberos server and access services registered in
that realm.
• Kerberos server principals and Windows 2000 users can
authenticate to a Windows 2000 domain controller and access
services registered in that domain.
Single realm authentication requires all Kerberos server principals and
Windows 2000 users to be entered in the same database regardless of
whether that is a principal database on a Kerberos server or a Windows
2000 domain controller.
IMPORTANT In single realm authentication, principals can only access resources in
their native realm. If a principal needs access to resources in a different
realm, you must configure interrealm authentication.