I also said that it is possible without domain trust. The most common scenario is that the domain where the principal resides for the SAP system trusts the domain(s) where the users authenticate. However, it is also possible to setup Kerberos where the domain that the user authenticates against is NOT trusted by the domain used by the SAP system. This requires that the product being used supports this...
↧