Like the single master domain, the multiple master domain model requires users to have only a single domain account and to log in only once. User administration is relatively centralized and generally remains separate from resource management. As before, administrators grant rights to users by assigning users to groups that have the required access privileges. However, the multiple domain model is more complex and can have considerably more individual trust relationships to set up and manage than the single domain model. In some organizations, political constraints may make it impossible to segregate user administration from resource management. One or more domains may need to handle their own user and group accounts as well as their network resources. In addition, the users in one domain may need access to resources in several other domains. In these circumstances, the complete trust model, as shown in Figure 5, may be necessary. In this model, each domain sets up a trust relationship directly with every other domain; the trust relationship may be one- or two-way, depending on the access needed.
|
|
|
|
|
|
|
|