Realm trusts enable connectivity between Windows Server 2012 running Active Directory and other systems, such as UNIX and Linux running a Kerberos-compatible server. You establish a realm trust inside the Active Directory Domains and Trusts console.
In the Active Directory Domains and Trusts console, right-click the domain for which the trust will be created and select Properties to open that domain’s Properties sheet. The Trusts tab of that sheet contains information about the domain’s trusts.
See Figure 4-1 for an example of this tab.
FIGURE 4-1 Use the Trusts tab to work with and create new trusts.
Clicking New Trust begins the New Trust Wizard. The first step of the New Trust Wizard involves entering the domain to be trusted in the Name text box, as shown in Figure 4-2.
FIGURE 4-2 Entering the name of the new trust.
Next, you select the trust type, which should be set to Realm Trust, as shown in Figure 4-3.
FIGURE 4-3 Setting the trust type.
You set the trust’s transitivity next, as shown in Figure 4-4. You can set the transitivity according to the organizational needs for this trust.
FIGURE 4-4 Setting the transitivity of the trust.
Next, you set the direction of the trust (see Figure 4-5), again according to the organization’s needs.
FIGURE 4-5 The direction of the trust is set in the Direction of Trust dialog box.
Next, the trust password is set, as shown in Figure 4-6.
FIGURE 4-6 Setting the password for the trust.
With that configuration, the trust is created within the Windows domain. Configuration also needs to occur on the Kerberos server responsible for the domain being trusted. This configuration depends on the Kerberos implementation.
Once the trust is created, you can change it at any time on the Trusts tab of the domain’s Properties sheet. You also can configure support for Kerberos AES encryption within the trust’s properties, as shown in Figure 4-7.
FIGURE 4-7 Properties for a trust.
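The settings chosen in the wizard (trust type, transitivity, direction, and AES support) are stored on the trust's trustedDomain object, so they can be reviewed after the fact. The following PowerShell sketch is an added example, not part of the original text: Get-RealmTrustReport is a hypothetical helper name, the realm names are constructed sample data, and it assumes the AES setting from the trust's properties is reflected in the msDS-SupportedEncryptionTypes attribute.

```powershell
# Added example, not from the original text. Attribute values follow the
# documented trustedDomain schema: trustType 3 = MIT (Kerberos realm),
# trustDirection 1/2/3 = inbound/outbound/two-way, trustAttributes 0x1 =
# non-transitive, msDS-SupportedEncryptionTypes 0x08/0x10 = AES128/AES256.
function Get-RealmTrustReport {
    param([Parameter(ValueFromPipeline = $true)] $Trust)
    process {
        if ($Trust.trustType -ne 3) { return }               # skip non-realm trusts
        $direction = switch ([int]$Trust.trustDirection) {
            1 { 'Inbound' }
            2 { 'Outbound' }
            3 { 'Two-way' }
            default { 'Disabled' }
        }
        $transitive = ([int]$Trust.trustAttributes -band 0x1) -eq 0
        $enc = [int]$Trust.'msDS-SupportedEncryptionTypes'   # unset attribute -> 0
        $aes = ($enc -band 0x18) -ne 0
        $notes = @()
        if (-not $aes)                { $notes += 'AES support not enabled' }
        if ($transitive)              { $notes += 'transitive: confirm intended' }
        if ($direction -eq 'Two-way') { $notes += 'two-way: confirm intended' }
        [pscustomobject]@{
            Realm      = $Trust.Name
            Direction  = $direction
            Transitive = $transitive
            AesEnabled = $aes
            Notes      = $notes -join '; '
        }
    }
}

# Constructed sample objects (hypothetical names) so the function runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'UNIX.EXAMPLE'; trustType = 3; trustDirection = 3
                       trustAttributes = 0; 'msDS-SupportedEncryptionTypes' = $null }
    [pscustomobject]@{ Name = 'LAB.EXAMPLE'; trustType = 3; trustDirection = 2
                       trustAttributes = 1; 'msDS-SupportedEncryptionTypes' = 0x18 }
    [pscustomobject]@{ Name = 'child.corp.example'; trustType = 2; trustDirection = 3
                       trustAttributes = 0x20; 'msDS-SupportedEncryptionTypes' = 0x1C }
)
$sample | Get-RealmTrustReport | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADObject -Filter 'objectClass -eq "trustedDomain"' -Properties trustType,
#   trustDirection,trustAttributes,msDS-SupportedEncryptionTypes | Get-RealmTrustReport
```

With the sample data, the first realm trust is reported as two-way, transitive, and without AES; the second as outbound, non-transitive, and AES-enabled; the third object is a Windows trust and is skipped.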