Inter Realm Keys

By establishing inter‑realm keys, the administrators of two realms can permit a client authenticated in one realm to use its credentials in the other realm. Exchanging inter‑realm keys registers the ticket‑granting service of each realm as a principal in the other. A client can then obtain a ticket‑granting ticket for the remote realm’s ticket‑granting service from its local ticket‑granting service. Tickets issued to a service in the remote realm indicate that the client was authenticated in another realm.

This procedure can be used to authenticate throughout an organization across multiple realms. To construct an authentication path to a foreign realm, the local realm must share an inter‑realm key with the target realm or with an intermediate realm that communicates with the target realm or with another intermediate realm.
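
The path rule above can be checked mechanically when auditing which foreign realms a local realm can reach. The following is an added example, not part of the original documentation: the realm names and key pairs are constructed, and the `krbtgt/<next realm>@<issuing realm>` principal naming is the RFC 4120 convention, assumed here because the page does not spell it out.

```python
from collections import deque

# Constructed sample data: each pair of realms has exchanged an inter-realm key.
INTER_REALM_KEYS = [
    ("ENG.EXAMPLE.COM", "EXAMPLE.COM"),
    ("EXAMPLE.COM", "PARTNER.EXAMPLE.NET"),
    ("PARTNER.EXAMPLE.NET", "LAB.EXAMPLE.NET"),
    ("ISOLATED.EXAMPLE.ORG", "OTHER.EXAMPLE.ORG"),
]

def build_graph(key_pairs):
    """Exchanging keys registers each TGS in the other realm, so edges go both ways."""
    graph = {}
    for a, b in key_pairs:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def authentication_path(key_pairs, local, target):
    """Return the shortest chain of realms from local to target, or None if none exists."""
    graph = build_graph(key_pairs)
    if local == target:
        return [local]
    parent = {local: None}
    queue = deque([local])
    while queue:
        realm = queue.popleft()
        for nxt in sorted(graph.get(realm, ())):
            if nxt in parent:
                continue
            parent[nxt] = realm
            if nxt == target:
                path = [nxt]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return path[::-1]
            queue.append(nxt)
    return None

def cross_realm_tgts(path):
    """TGT principal requested at each hop (assumed RFC 4120 naming)."""
    return [f"krbtgt/{nxt}@{cur}" for cur, nxt in zip(path, path[1:])]

def reachable_realms(key_pairs, local):
    """Every foreign realm that can be reached from local through shared keys."""
    graph = build_graph(key_pairs)
    return sorted(r for r in graph
                  if r != local and authentication_path(key_pairs, local, r))
```

Running `reachable_realms` for each local realm shows every realm whose services may receive tickets for its clients, including those reached only through intermediate realms.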