What is a Kerberos trust?

Windows NT 4.0 trust relationships arenít transitive. Therefore, if domain2 (e.g., Marketing, in the Figure) trusts domain1 (Sales), and domain3 (Development) trusts domain2 (Marketing), domain3 (Development) doesnít trust domain1 (Sales).

In Windows 2000, the trust relationships that connect members of a tree or forest are two-way, transitive Kerberos trusts. Thus, all the domains in a tree implicitly trust all the other domains in the tree or forest. Because trusts occur automatically when a domain joins a tree, time-consuming trust administration is unnecessary.

Kerberos is Win2Kís primary security protocol. Kerberos verifies a userís identity and a sessionís data integrity. Each domain controller (DC) has Kerberos services on it, and every Win2K workstation and server has a Kerberos client. A user's initial Kerberos authentication gives the user one logon session to enterprise resources. Kerberos isnít a Microsoft protocol but is based on MITís Kerberos 5.0. For more information about Kerberos, see the Internet Engineering Task Force (IETF) Requests For Comments (RFC) 1510,

1st Security Agent

Mail Bomber

Security Administrator

PC Lockup

Access Lock

Access Administrator Pro

ABC Security Protector

1st Security Agent

Mail Bomber

Security Administrator for Windows

PC Lockup

Access Lock

Access Administrator

ABC Security Protector

http//www.softheap.com