Creating a trust relationship between realms

Establishing a trust relationship between realms creates a shortcut for authentication.

Creating a trust relationship is optional because, by default, the Kerberos protocol searches the realm hierarchy for trust. It is useful if you have realms in different domains and want to make this process faster. To set up realm trust, each Kerberos server for each realm must share a key. Before you create a trust relationship in network authentication service, you must set up the Kerberos servers to trust one another.

To create a trust relationship among realms, follow these steps:

  1. In IBM® Navigator for i, expand IBM i Management > Security > All Tasks > Network Authentication Service.
  2. Click Realm.
  3. Right-click the name of the realm in the right pane and select Properties.
  4. On the Trusted Realms tab, enter the names of the realms for which you want to establish trust.
    For example, valid names for the trust relationship might be: ORDEPT.MYCO.COM and SHIPDEPT.MYCO.COM.
  5. Click Add.
    This adds the trust association to the table.
  6. Click OK.
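
The following added example (not IBM code) models what the shortcut saves: it compares the default walk through the realm hierarchy with the path used once two realms trust each other directly, and lists the cross-realm ticket-granting principal each hop relies on. It assumes realm names follow the DNS-style hierarchy and treats each trusted pair as two-way; the function names are hypothetical, and PARTNER.ORG in the test is a constructed realm name.

```python
def hierarchical_path(client_realm, server_realm):
    """Realms crossed by the default walk: up to the common ancestor, then down.

    Returns None when the realm names share no ancestor, in which case only
    a direct trust relationship can connect them (assumption of this model).
    """
    c = client_realm.upper().split(".")
    s = server_realm.upper().split(".")
    common = 0
    while common < min(len(c), len(s)) and c[-1 - common] == s[-1 - common]:
        common += 1
    if common == 0:
        return None
    # Climb from the client realm to the common ancestor (inclusive).
    up = [".".join(c[i:]) for i in range(len(c) - common + 1)]
    # Descend from just below the ancestor to the server realm.
    down = [".".join(s[i:]) for i in range(len(s) - common - 1, -1, -1)]
    return up + down


def auth_path(client_realm, server_realm, trusted):
    """Path actually used, given `trusted`: a set of (realm, realm) pairs
    that share an inter-realm key (modelled here as two-way)."""
    a, b = client_realm.upper(), server_realm.upper()
    if a != b and ((a, b) in trusted or (b, a) in trusted):
        return [a, b]  # shortcut: no intermediate realms
    return hierarchical_path(a, b)


def cross_realm_tgts(path):
    """Cross-realm TGT principal for each hop, named krbtgt/NEXT@CURRENT."""
    return [f"krbtgt/{nxt}@{cur}" for cur, nxt in zip(path, path[1:])]


if __name__ == "__main__":
    # Realm names taken from the example in step 4.
    a, b = "ORDEPT.MYCO.COM", "SHIPDEPT.MYCO.COM"
    for label, trusted in (("default", set()), ("trusted", {(a, b)})):
        path = auth_path(a, b, trusted)
        print(label, path, cross_realm_tgts(path))
```

Without the trust entry the client needs a ticket from every realm on the hierarchical path, so each intermediate Kerberos server must be reachable and must hold the keys for its hop; with the entry only the two realms' shared key is involved.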