Windows NT 4.0 trust relationships aren't transitive. Therefore, if domain2 (e.g., Marketing, in the Figure) trusts domain1 (Sales), and domain3 (Development) trusts domain2 (Marketing), domain3 (Development) doesn't trust domain1 (Sales).
In Windows 2000, the trust relationships that connect members of a tree or forest are two-way, transitive Kerberos trusts. Thus, all the domains in a tree implicitly trust all the other domains in the tree or forest. Because trusts occur automatically when a domain joins a tree, time-consuming trust administration is unnecessary.
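The difference between the two trust models can be computed for a set of domains, which is useful when reviewing how much implicit trust a migration to a tree introduces. This is an added example, not code from the original article. It assumes the three domains from the NT 4.0 example are later joined by the same links in one Win2K tree, and the function names are hypothetical.

```python
from collections import deque

# Constructed sample: (trusting, trusted) pairs from the article's example.
# "Marketing trusts Sales" means Sales accounts can be granted access in Marketing.
TRUSTS = [("Marketing", "Sales"), ("Development", "Marketing")]


def nt4_trusted_by(domain, trusts):
    """NT 4.0 semantics: only explicit, direct, one-way trusts count."""
    return {trusted for trusting, trusted in trusts if trusting == domain}


def win2k_trusted_by(domain, trusts):
    """Win2K tree/forest semantics: every link is two-way and transitive,
    so a domain trusts every domain reachable over the trust links."""
    neighbours = {}
    for a, b in trusts:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    seen, queue = {domain}, deque([domain])
    while queue:  # breadth-first walk over the undirected trust graph
        for nxt in neighbours.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {domain}


def implicit_trust_added(trusts):
    """Per domain, the trusts that exist only under Win2K semantics,
    i.e. trust nobody configured explicitly."""
    domains = sorted({d for pair in trusts for d in pair})
    return {d: win2k_trusted_by(d, trusts) - nt4_trusted_by(d, trusts)
            for d in domains}


if __name__ == "__main__":
    for domain, added in implicit_trust_added(TRUSTS).items():
        print(f"{domain}: implicitly trusts {sorted(added) or 'nothing new'}")
```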
Kerberos is Win2K's primary security protocol. Kerberos verifies a user's identity and a session's data integrity. Each domain controller (DC) has Kerberos services on it, and every Win2K workstation and server has a Kerberos client. A user's initial Kerberos authentication gives the user one logon session to enterprise resources. Kerberos isn't a Microsoft protocol but is based on MIT's Kerberos 5.0. For more information about Kerberos, see the Internet Engineering Task Force (IETF) Requests For Comments (RFC) 1510,