What is a Kerberos trust?
Windows NT 4.0 trust relationships aren’t transitive. Therefore, if domain2
(e.g., Marketing, in the Figure) trusts domain1 (Sales), and domain3
(Development) trusts domain2 (Marketing), domain3 (Development) doesn’t trust
domain1 (Sales).
In Windows 2000, the trust relationships that connect members of a tree or
forest are two-way, transitive Kerberos trusts. Thus, all the domains in a tree
implicitly trust all the other domains in the tree or forest. Because trusts
occur automatically when a domain joins a tree, time-consuming trust
administration is unnecessary.
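To make the difference between the two trust models concrete, here is an added example (not part of the original FAQ) that evaluates trust paths over a small, constructed trust map using the three-domain chain from the text. It assumes the convention that an edge from A to B means "A trusts B" (accounts from B may use resources in A); the NT 4.0 check accepts only an explicit direct trust, while the Win2K check walks the transitive closure, optionally treating each trust as two-way the way tree and forest trusts are. The same walk is what an auditor runs to list every domain whose accounts can reach a given resource domain.

```python
from collections import deque

# Constructed sample: the chain from the figure, expressed as "trusting -> {trusted}".
NT4_TRUSTS = {
    "Marketing": {"Sales"},        # domain2 trusts domain1
    "Development": {"Marketing"},  # domain3 trusts domain2
    "Sales": set(),
}


def trusts_directly(trusts, trusting, trusted):
    """NT 4.0 semantics: only an explicit, one-way trust between the two domains counts."""
    return trusted in trusts.get(trusting, set())


def trusted_domains_transitive(trusts, start, two_way=True):
    """Win2K tree/forest semantics: trusts are transitive and, by default, two-way.

    Returns the set of every domain reachable from `start` along trust edges,
    i.e. every domain whose accounts can be granted access to resources in `start`.
    """
    adj = {d: set(v) for d, v in trusts.items()}
    if two_way:
        # A two-way trust is the same edge in both directions.
        for d, targets in trusts.items():
            for t in targets:
                adj.setdefault(t, set()).add(d)
    seen, queue = {start}, deque([start])
    while queue:  # breadth-first walk = transitive closure from `start`
        cur = queue.popleft()
        for nxt in adj.get(cur, set()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def trusts_transitively(trusts, trusting, trusted, two_way=True):
    """True when `trusting` reaches `trusted` through any chain of trusts."""
    return trusted in trusted_domains_transitive(trusts, trusting, two_way)


if __name__ == "__main__":
    # NT 4.0: Development trusts Marketing, Marketing trusts Sales, but Development
    # does not trust Sales.
    print("NT4 Development->Sales:", trusts_directly(NT4_TRUSTS, "Development", "Sales"))
    # Win2K: the same map, read as two-way transitive trusts, connects every domain.
    print("Win2K Development->Sales:", trusts_transitively(NT4_TRUSTS, "Development", "Sales"))
    print("Win2K Sales reaches:", sorted(trusted_domains_transitive(NT4_TRUSTS, "Sales")))
```

Because `trusted_domains_transitive` enumerates reachability rather than just answering yes or no, it doubles as a quick inventory of which domains can reach a resource domain once a new domain joins a tree, which is the administrative side effect the paragraph describes.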
Kerberos is Win2K’s primary security protocol. Kerberos verifies a user’s
identity and a session’s data integrity. Each domain controller (DC) has
Kerberos services on it, and every Win2K workstation and server has a Kerberos
client. A user’s initial Kerberos authentication gives the user one logon
session to enterprise resources. Kerberos isn’t a Microsoft protocol but is
based on MIT’s Kerberos 5.0. For more information about Kerberos, see the
Internet Engineering Task Force (IETF) Requests For Comments (RFC) 1510,