Third-party AD delegation tools, 390
Third-party security policy management tools, 703
Ticket cookies, 250–51
Ticket-granting cookies, 250
Ticket Granting Service (TGS), 161
Ticket Granting Ticket (TGT), 148–49
    defined, 148
    reuse, 149
    role, 149
    ticket flags and, 184–86
Tickets
    analyzing, 179–81
    authenticator relationship, 179
    cache, viewing, 187, 188
    content, 179, 180
    defined, 143
    delegation support and, 165
    distribution method 1, 145
    distribution method 2, 146
    flags, 184–86
    purging, 188
    size, 182
Time sensitivity, 193–97
    SNTP operation, 194–96
    time service configuration, 196–97
Token-based SSO systems, 305–6
    authentication in, 305
    defined, 305
    example, 305
    PKI-based SSO vs., 307
    RPCs, 306
    solutions, 306
Top-level name (TLN) restrictions
    in avoiding DNS namespace collisions, 86
    disabling DNS namespaces, 84
    example, 86
    for *.hr.hewlettpackardtest.net, 87, 88
Transitive trusts, 73–74
    defined, 73
    as logical concept, 74
    in mixed-mode domains, 160
    See also Trust(s)
Transport Layer Security (TLS), 209
    browser-side revocation check error, 233
    certificate validation, 231
    configuring, 229
    crypto accelerator devices, 234
    See also Secure Sockets Layer (SSL)
Troubleshooting
    authorization administration tools, 391
    Kerberos tools, 199–200
    PKI, tools, 640–41
Trust constraints
    defining, 527–41
    defining, with CAPolicy.ini, 528–32
    defining, with version 2 certificate templates, 528
    inheritance, 540–41
    overview, 529
    tools, 527–28
Trust domain account object (TDO), 161
Trusted application model, 427–28
    advantages, 427–28
    impersonation/delegation vs., 428
Trusted Domain Objects (TDOs), 74–76
    attributes, 82
    forest type, 81
Trusted Root Certification Authorities container, 519
Trusted security infrastructures (TSIs)
    authentication infrastructures, 5, 7–9
    authorization infrastructures, 5, 10–13
    challenge, 1–27
    components, 4–5
    core security services, 2
    key management infrastructures, 5, 9–10
    layer, 3
    Microsoft and, 21–26
    outsourcing and, 2
    overview illustration, 19
    positioning, 3–4
    roles, 4–5, 6–17
    security administration infrastructures, 4–5, 13–17
    security design viewpoint, 4
    SSO and, 2
    unified example, 18–21
Trusted third parties (TTPs), 101, 493
    environment, 2
    servers, 1, 2
Trust relationships, 69–100
    behind the scenes, 74–77
    cross-certified, 499, 500, 521–27
    defined, 69
    defining, 69–71
    forest, 78
    hierarchical, 521
    number required in Windows Server 2003, 74
    one-way, 70
    in PKI, 494
    security authorities and, 70
    trusting vs. trusted domain, 71
    two-way transitive, 73
Trust(s)
    constraints, 502–4
    cross-realm, 203–6
    firewalls and, 98–100
    forest, 77–93
    fundamental role of, 6
    management tools, 95–98
    PKI, 493–543
    PKI, models, 495, 496–515
    PKI, terminology, 495–96
    properties, 71
    secure channels and, 93–98
    shortcut, 159–60
    transitive, 73–74
    troubleshooting tools, 96–97
    Windows setup, 98
Trust taxonomy, 494–95
    direct relationship, 494
    indirect relationship, 495
Trust types
    list of, 71
    properties, 71
    Windows, 72
Trust Wizard, 80, 81, 89