Figure 5 uses the example of accessing a service in the MIT KDC realm from a Novell KDC realm.
Figure 8-2 Cross-realm Setup
The activity listed below uses the following terminology:
The background activity in a cross-realm setup is explained below:
An eDirectory™ user authenticates to novlrealm as edirprinc@novlrealm.
The application client requests a service ticket for the principal, host/mit.com@mitrealm, from KDC server hosting novlrealm.
The KDC server sends a service ticket for the principal, krbtgt/mitrealm@novlrealm, to the client.
The client sends this cross-realm ticket to MIT KDC hosting mitrealm, along with a request for a service ticket for the principal, host/mit.com@mitrealm.
MIT KDC sends the service ticket for host/mit.com@mitrealm to the application client.
The client sends this service ticket to the application server.