From 56048787336f6249e1eecfb0afaf2034a9a330ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sat, 20 Sep 2003 18:53:47 +0000
Subject: [PATCH] add some text about netdom.exe and trusts

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12892 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 doc/win2k.texi | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/doc/win2k.texi b/doc/win2k.texi
index 8bcba9e89..827915153 100644
--- a/doc/win2k.texi
+++ b/doc/win2k.texi
@@ -92,7 +92,8 @@ Server) for the domain.
 
 By default the trust will be non-transitive. This means that only users
 directly from the trusted domain may authenticate. This can be changed
-to transitive by using the @code{netdom.exe} tool.
+to transitive by using the @code{netdom.exe} tool. @code{netdom.exe} 
+can also be used to add the trust between two realms.
 
 You need to tell Windows 2000 on what hosts to find the KDCs for the
 non-Windows realm with @code{ksetup}, see @xref{Configuring Windows 2000
@@ -112,6 +113,13 @@ OK.
 
 Do not forget to add trusts in both directions.
 
+If you want to use @code{netdom.exe} instead of the Domain Tree
+Management tool, you do it like this,
+
+@example
+netdom trust NT.REALM.EXAMPLE.COM /Domain:EXAMPLE.COM /add /realm /passwordt:TrustPassword
+@end example
+
 You also need to add the inter-realm keys to the Heimdal KDC. There are
 some tweaks that you need to do to @file{krb5.conf} beforehand.