Forest and Interforest Authentication

Within a Windows 2000 or Windows Server 2003 forest, trusts between domains are based on Kerberos version 5 and are both two-way and transitive. Transitive trust means that every domain within the forest trusts every other domain in the forest. A user with a valid domain account in one of the domains in the forest can authenticate from a computer in any of the other domains in the forest. In a Windows NT 4 domain, trust with another domain is one-way and nontransitive, although two one-way trusts can be created to establish bi-directional trusts. The authentication protocol used across trusts within a forest depends, as it does within a domain, on the client and server operating systems and their configurations. ...
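The difference between transitive forest trusts and one-way, nontransitive Windows NT 4 trusts can be checked with a small model. This is an added example, not code from the book: the domain names, the `can_authenticate` helper and the rule "a trust path is valid if it is a single hop or every hop is transitive" are simplifying assumptions made for illustration.

```python
from collections import deque

# A trust is (trusting_domain, trusted_domain, transitive). Accounts in the
# *trusted* domain can authenticate at computers in the *trusting* domain.
def two_way(a, b, transitive):
    """Two one-way trusts that together form a bidirectional trust."""
    return [(a, b, transitive), (b, a, transitive)]

# Constructed sample topologies; every name here is hypothetical.
FOREST = (two_way("corp.example", "eu.corp.example", True)
          + two_way("corp.example", "us.corp.example", True))
NT4 = [("RESOURCES", "ACCOUNTS", False),   # RESOURCES trusts ACCOUNTS
       ("LEGACY", "RESOURCES", False)]     # LEGACY trusts RESOURCES

def can_authenticate(trusts, account_domain, computer_domain):
    """True if an account from account_domain can log on in computer_domain."""
    if account_domain == computer_domain:
        return True
    # A direct trust is honoured whether or not it is transitive.
    if any(trusting == computer_domain and trusted == account_domain
           for trusting, trusted, _ in trusts):
        return True
    # Otherwise follow only transitive trusts outward from the computer's domain.
    seen, queue = {computer_domain}, deque([computer_domain])
    while queue:
        current = queue.popleft()
        for trusting, trusted, transitive in trusts:
            if trusting == current and transitive and trusted not in seen:
                if trusted == account_domain:
                    return True
                seen.add(trusted)
                queue.append(trusted)
    return False

if __name__ == "__main__":
    checks = [(FOREST, "eu.corp.example", "us.corp.example"),
              (NT4, "ACCOUNTS", "RESOURCES"),
              (NT4, "RESOURCES", "ACCOUNTS"),
              (NT4, "ACCOUNTS", "LEGACY")]
    for trusts, account, computer in checks:
        print(f"{account} -> {computer}: {can_authenticate(trusts, account, computer)}")
```

When reviewing a real environment, the same question (which account domains can reach which resource domains) is the one to answer for each trust listed, since a transitive trust extends access beyond the two domains named in it.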

Get Windows Server 2003 Security: A Technical Reference now with the O’Reilly learning platform.
