Will I see you there ? I hope so .....
However, the conversation around two-way forest-level transitive trust has come up on another project, so I was looking for a good definition of it in a WebSphere context.
This section of the WAS 7 Info Centre is definitely worth a read: -
The Kerberos authentication mechanism enables interoperability with other applications (such as .NET, DB2 and others) that support Kerberos authentication. It provides single sign on (SSO) end-to-end interoperable solutions and preserves the original requester identity.
Note: Security support for Kerberos as the authentication mechanism was added for WebSphere Application Server Version 7.0. Kerberos is a mature, flexible, open, and very secure network authentication protocol. Kerberos includes authentication, mutual authentication, message integrity and confidentiality and delegation features. You can enable Kerberos on the server side. Support is provided to enable the rich Java client to use the Kerberos token for authentication to the WebSphere Application Server.
Kerberos (KRB5) authentication mechanism support for security
and includes a useful set of links, including: -
- What is Kerberos?
- The benefits of having Kerberos as an authentication mechanism
- Kerberos authentication in a single Kerberos realm environment
- Kerberos authentication in a cross or trusted Kerberos realm environment
- Things to consider before setting up Kerberos as the authentication mechanism for WAS
- Support information for Kerberos authentication
- Setting up Kerberos as the authentication mechanism for WAS
- Setting up Kerberos as the authentication mechanism for the pure Java client