Special Edition Using Microsoft Active Directory by James Hudson, Sean Fullerton

How Transitive Trusts Work

Transitive trusts work for one simple reason: Kerberos. In Figure 18.2, domains B and C both trust domain A. Each domain has at least one DC, which means it has at least one Kerberos KDC. When a child domain is added to the tree, the ticket-granting services (TGSs) in the parent and child become security principals in each other's domain and create and share a session key. When a user needs access to a service in another domain, the KDCs can collaborate and build an authentication referral path from the client to the server.

Cross-Domain Authentication Example

Figure 18.7 shows the fis.local domain with two child domains: sales.fis.local and mfg.fis.local. In this example, client.sales.fis.local wants to connect to server.mfg.fis.local. ...
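The referral path for this scenario can be worked out by walking the parent-child trusts up from the client's domain to the nearest common ancestor and back down to the server's domain. The Python below is an added illustration, not code from the book. It assumes a single domain tree with only parent-child trusts (no shortcut trusts), takes a host's domain to be its DNS suffix, and uses `cifs` as a sample service class; the function names are hypothetical.

```python
def ancestors(domain, root):
    """Return the domain followed by each parent up to the tree root."""
    domain, root = domain.lower(), root.lower()
    if domain != root and not domain.endswith("." + root):
        raise ValueError(f"{domain} is not in the tree rooted at {root}")
    chain = [domain]
    while chain[-1] != root:
        # Drop the leftmost label to reach the parent domain.
        chain.append(chain[-1].split(".", 1)[1])
    return chain


def referral_path(client_domain, server_domain, root):
    """Domains whose KDCs are contacted, in order, from client to server."""
    up = ancestors(client_domain, root)
    down = ancestors(server_domain, root)
    # Nearest common ancestor: first domain on the client's chain
    # that also lies on the server's chain.
    common = next(d for d in up if d in down)
    return up[: up.index(common) + 1] + down[: down.index(common)][::-1]


def ticket_sequence(client_domain, server_host, root, service="cifs"):
    """(issuing domain, ticket) pairs the client collects along the path.

    Assumption: the server's domain is the DNS suffix of its host name,
    and 'cifs' is only a sample service class.
    """
    server_domain = server_host.split(".", 1)[1]
    path = referral_path(client_domain, server_domain, root)
    steps = []
    for here, nxt in zip(path, path[1:]):
        # Referral TGT: issued by this domain's KDC, usable at the next one.
        steps.append((here, f"krbtgt/{nxt.upper()}@{here.upper()}"))
    # The server's own KDC issues the final service ticket.
    steps.append((path[-1], f"{service}/{server_host}@{path[-1].upper()}"))
    return steps


if __name__ == "__main__":
    # Names taken from the Figure 18.7 scenario described above.
    for kdc, ticket in ticket_sequence(
        "sales.fis.local", "server.mfg.fis.local", "fis.local"
    ):
        print(f"KDC in {kdc:16} issues {ticket}")
```

Each domain in the returned path is a KDC, and therefore a trust relationship, that the client's access to the server depends on.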
