Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2011-09-07) Kerberos Authentication Over An External Trust – Is It Possible? (Part 4)

Posted by Jorge on 2011-09-07


In PART 1 I explained the setup I will use.

In PART 2 I showed the usage of Kerberos authN accessing the websites on the local web server.

In PART 3 I showed the usage of Kerberos authN accessing the websites from another computer in the same AD forest/domain.

In this post I will show the usage of Kerberos authN when logged on to a computer in another AD forest/domain, while a FOREST TRUST is in place.

The previous posts delivered the proof that Kerberos authN is working against those two websites. Let’s now perform the exact same test using a Forest Trust and an External Trust. Let’s first start with a FOREST TRUST.

The detailed configuration of the Forest Trust is shown below:

image

In the following picture, I’m logged on to an RWDC (“R1FSRWDC1.ADCORP.LAB”) in the AD CORP domain with the default AD CORP admin account (renamed from “ADCORP\administrator” to “ADCORP\ADM.ROOT”), which is a domain admin within the AD CORP forest/domain, and I’m accessing the website “DELEGCONFIG.ADDMZ.LAN”. As you can see, Kerberos authN is being used. In addition, the picture contains the proof that a Forest Trust is in place, which supports Kerberos as we all know!

image

In the following picture, I’m logged on to an RWDC (“R1FSRWDC1.ADCORP.LAB”) in the AD CORP domain with the default AD CORP admin account (renamed from “ADCORP\administrator” to “ADCORP\ADM.ROOT”), which is a domain admin within the AD CORP forest/domain, and I’m accessing the website “R2FSMBSVA.ADDMZ.LAN”. As you can see, Kerberos authN is being used. In addition, the picture contains the proof that a Forest Trust is in place, which supports Kerberos as we all know!

image
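The same two facts the pictures show (the trust type and the use of Kerberos) can also be checked from a PowerShell prompt on the AD CORP side. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed, that the trusted domain is named ADDMZ.LAN, and that the websites are reachable under HTTP/<host name> SPNs (both inferred from the site names above).

```powershell
# Added example (not from the original post): confirm the trust type and
# that Kerberos service tickets for both websites are issued across it.
# Run in the logon session of the AD CORP user that accesses the websites.
Import-Module ActiveDirectory

# Assumptions: trusted domain name and SPNs are inferred from the site FQDNs.
$trustedDomain = 'ADDMZ.LAN'
$spns = @('HTTP/DELEGCONFIG.ADDMZ.LAN', 'HTTP/R2FSMBSVA.ADDMZ.LAN')

# 1. Read the trusted domain object and show the attributes that
#    distinguish a forest trust from an external trust.
$trust = Get-ADTrust -Identity $trustedDomain
$trust | Format-List Name, Direction, TrustType, ForestTransitive, SelectiveAuthentication
if (-not $trust.ForestTransitive) {
    Write-Warning "$trustedDomain is not a forest trust (ForestTransitive is False)."
}

# 2. Ask the KDC for a service ticket for each SPN. If Kerberos cannot be
#    used for an SPN, no ticket for it will appear in the cache afterwards.
foreach ($spn in $spns) {
    $null = klist get $spn
}

# 3. Inspect the ticket cache of the current logon session.
$cache = klist
$results = foreach ($spn in $spns) {
    [pscustomobject]@{
        SPN           = $spn
        ServiceTicket = [bool]($cache | Select-String -SimpleMatch $spn)
    }
}
$results | Format-Table -AutoSize

# A cross-realm (referral) TGT for the other forest shows that the ticket
# request was referred over the trust instead of being answered locally.
$referral = [bool]($cache | Select-String -SimpleMatch "krbtgt/$trustedDomain")
"Referral TGT for $trustedDomain present: $referral"
```

A `ServiceTicket` value of `False` for a site means the session holds no Kerberos ticket for that SPN, so any successful access to it was authenticated some other way (typically NTLM).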

This continues in PART 5, which is the NEXT and LAST post.

Cheers,
Jorge