add some text about netdom.exe and trusts

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12892 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2003-09-20 18:53:47 +00:00
parent 600a32f5f0
commit 5604878733

View File

@@ -92,7 +92,8 @@ Server) for the domain.
By default the trust will be non-transitive. This means that only users
directly from the trusted domain may authenticate. This can be changed
to transitive by using the @code{netdom.exe} tool.
to transitive by using the @code{netdom.exe} tool. @code{netdom.exe}
can also be used to add the trust between two realms.
You need to tell Windows 2000 on what hosts to find the KDCs for the
non-Windows realm with @code{ksetup}, see @xref{Configuring Windows 2000
@@ -112,6 +113,13 @@ OK.
Do not forget to add trusts in both directions.
If you want to use @code{netdom.exe} instead of the Domain Tree
Management tool, you do it like this,
@example
netdom trust NT.REALM.EXAMPLE.COM /Domain:EXAMPLE.COM /add /realm /passwordt:TrustPassword
@end example
You also need to add the inter-realm keys to the Heimdal KDC. There are
some tweaks that you need to do to @file{krb5.conf} beforehand.