Trusts are the mechanism that ensures that a user who is authenticated in his home domain can access
resources in any trusted domain. In Windows Server 2003, there are two categories of trusts:
transitive trusts and non-transitive trusts.
Transitive and Non-Transitive Trust
A transitive trust is one in which the trust relationship extended to one domain is automatically
extended to all other domains that trust that domain. For example, domain C directly trusts domain D.
Domain D directly trusts domain E. Because both trusts are transitive, domain C indirectly trusts
domain E. Transitive trusts are automatic. An example of a transitive trust is a parent/child trust.
Non-transitive trusts are not automatic and must be set up explicitly. An example of a
non-transitive trust is an external trust.
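The C, D and E example above can be worked through in code to see exactly which indirect trusts a set of direct trusts produces, which is the question to ask when reviewing who can reach a domain. The following is an added example, not part of the original document: the function name, the data layout and domain F (a hypothetical external domain) are assumptions, and the model is deliberately simplified to the transitive/non-transitive rule described here.

```python
from collections import deque

# Constructed sample data: (trusting domain, trusted domain, transitive?).
# C, D and E follow the example in the text; F is a hypothetical external domain.
TRUSTS = [
    ("C", "D", True),
    ("D", "E", True),
    ("E", "F", False),  # external trust: non-transitive
]


def effective_trusts(trusts, start):
    """Map every domain that `start` trusts to the chain of trusts reaching it.

    Simplified model (an assumption of this example): a chain is followed only
    while every link in it is transitive; a non-transitive trust applies only
    between the two domains it was created for.
    """
    direct, transitive = {}, {}
    for trusting, trusted, is_transitive in trusts:
        direct.setdefault(trusting, []).append(trusted)
        if is_transitive:
            transitive.setdefault(trusting, []).append(trusted)

    # Direct trusts always count, whatever their type.
    paths = {d: [start, d] for d in direct.get(start, [])}

    # Breadth-first walk over transitive links only; `seen` stops loops
    # created by two-way trusts.
    seen = {start}
    queue = deque([[start]])
    while queue:
        path = queue.popleft()
        for nxt in transitive.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                paths.setdefault(nxt, path + [nxt])
                queue.append(path + [nxt])
    return paths


if __name__ == "__main__":
    for domain in ("C", "D", "E"):
        for trusted, path in effective_trusts(TRUSTS, domain).items():
            print(f"{domain} trusts {trusted} via {' -> '.join(path)}")
```

With the sample data, C reaches E through D, but nothing reaches F except E itself, because the external trust does not extend along the chain.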
1. The domain controller Vancouver sends a referral for its parent domain nwtraders.msft to the
user's computer.
2. The user's computer contacts a domain controller in nwtraders.msft for a referral to a domain
controller in the forest root domain of the Contoso.msft forest.
3. Using the referral returned by the domain controller in the nwtraders.msft domain, the user's
computer contacts a domain controller in the Contoso.msft forest for a service ticket to the
requested service.
4. Because the resource is not located in the forest root domain of the Contoso.msft forest, the
domain controller contacts its global catalog to find the SPN. The global catalog finds a
match for the SPN and sends it back to the domain controller.
5. The domain controller sends the referral to seattle.contoso.msft to the user's computer.
6. The user's computer contacts the KDC on the domain controller Seattle and negotiates a ticket
for the user to gain access to the resource in the domain seattle.contoso.msft.
7. The user's computer sends the server service ticket to the computer on which the shared
resource is located, which reads the user's security credentials and constructs an access token,
which gives the user access to the resource.
8. On the Direction of Trust page, perform one of the following steps: to create a two-way
trust, click Two-way, and then follow the wizard instructions. To create a one-way
incoming trust, click One-way: incoming, and then follow the wizard instructions. To
create a one-way outgoing trust, click One-way: outgoing, and then follow the wizard
instructions.