There are two steps to creating an interdomain trust relationship. To effect a two-way trust relationship, it is necessary for each domain administrator to create a trust account for the other domain to use in verifying security credentials. 15.3.1 Creating an NT4 Domain TrustFor MS Windows NT4, all domain trust relationships are configured using the Domain User Manager. This is done from the Domain User Manager Policies entry on the menu bar. From the Policy menu, select Trust Relationships . Next to the lower box labeled Permitted to Trust this Domain are two buttons , Add and Remove . The Add button will open a panel in which to enter the name of the remote domain that will be able to assign access rights to users in your domain. You will also need to enter a password for this trust relationship, which the trusting domain will use when authenticating users from the trusted domain. The password needs to be typed twice (for standard confirmation). 15.3.2 Completing an NT4 Domain TrustA trust relationship will work only when the other (trusting) domain makes the appropriate connections with the trusted domain. To consummate the trust relationship, the administrator will launch the Domain User Manager from the menu select Policies , then select Trust Relationships , click on the Add button next to the box that is labeled Trusted Domains . A panel will open in which must be entered the name of the remote domain as well as the password assigned to that trust. 15.3.3 Inter-Domain Trust FacilitiesA two-way trust relationship is created when two one-way trusts are created, one in each direction. Where a one-way trust has been established between two MS Windows NT4 domains (let's call them DomA and DomB), the following facilities are created: Figure 15.1. Trusts overview.
|