Trust Relationships

To give explicit permission for principals in other cells to engage in authenticated access to objects in your cell, you must establish a trust relationship with that cell. You do this using the dcecp registry connect command to create two special accounts: one in your cell's registry to represent the foreign cell and one in the foreign cell's registry to represent your cell. Establishing these accounts indicates that you trust the foreign cell's authentication service to correctly authenticate foreign users, and, therefore, you consider all users from this cell to be authenticated if they are marked as authenticated by the foreign cell's authentication service.

Once the trust relationship is established, you can control foreign principals' access to specific objects with ACL entries, just as you do for principals in the local cell. The trust relationship also allows users in the foreign cell to log into accounts in the local cell and vice versa.

Two kinds of trust relationships allow principals in other cells to engage in authenticated access to objects in your cell. These relationships are direct trust relationships and hierarchical transitive trust relationships. Throughout this topic the term transitive trust relationship is used to indicate the DCE implementation of hierarchical transitive trust relationships.

More:

Direct Trust Relationships

Transitive Trust Relationships

Establishing Trust Relationships

Constraints on Transitive Trust Relationships