<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Domains" />
<meta name="abstract" content="Use this information to learn about the differences between EIM domains and Windows domains, both of which are part of a single signon environment." />
<meta name="description" content="Use this information to learn about the differences between EIM domains and Windows domains, both of which are part of a single signon environment." />
<meta name="DC.Relation" scheme="URI" content="rzamzconcepts.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzalv/rzalvmst.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzalv/rzalveservercncpts.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzakh/rzakhconcept.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamzdomains" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Domains</title>
</head>
<body id="rzamzdomains"><a name="rzamzdomains"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Domains</h1>
<div><p>Use this information to learn about the differences between EIM
domains and Windows<sup>®</sup> domains, both of which are part of a single
signon environment.</p>
<p>Two types of domains play key roles in the single signon environment: the EIM
domain and the <span class="keyword">Windows 2000</span> domain.
Although both of these terms contain the word domain, these entities have
very different definitions. Use the following descriptions to understand the
differences between these two types of domains.</p>
<dl><dt class="dlterm">EIM domain</dt>
<dd>An EIM domain is a collection of data, which includes the EIM identifiers,
EIM associations, and EIM user registry definitions that are defined in that
domain. This data is stored in a Lightweight Directory Access Protocol (LDAP)
server, such as the IBM<sup>®</sup> Directory Server for <span class="keyword">iSeries™</span>,
which can run on any system in the network, defined in that domain. Administrators
can configure systems (EIM clients), such as i5/OS™, to participate in the domain so
that systems and applications can use domain data for EIM lookup operations
and <a href="rzamzidentitymapping.htm#rzamzidentitymapping">identity
mapping</a>. </dd>
</dl>
<dl><dt class="dlterm">Windows 2000
domain</dt>
<dd>In the context of single signon, a <span class="keyword">Windows 2000</span> domain
is a Windows network
that contains several systems operating as clients and servers and a variety
of services and applications used by the systems. The following are some of
the components pertinent to single signon that you may find within a <span class="keyword">Windows 2000</span> domain:<p></p>
<dl><dt class="dlterm">Realm</dt>
<dd>A realm is a collection of machines and services. The main purpose of
a realm is to authenticate clients and services. Each realm uses a single
Kerberos server to manage the principals for that particular realm.</dd>
<dt class="dlterm">Kerberos server</dt>
<dd>A Kerberos server, also known as a key distribution center (KDC), is
a network service that resides on the <span class="keyword">Windows 2000</span> server
and provides tickets and temporary session keys for network authentication
service. The Kerberos server maintains a database of principals (users and
services) and their associated secret keys. It is composed of the authentication
server and the ticket granting server. A Kerberos server uses Microsoft<sup>®</sup> Windows Active
Directory to store and manage the information in a Kerberos user registry.</dd>
<dt class="dlterm">Microsoft Windows Active
Directory</dt>
<dd>Microsoft Windows Active
Directory is an LDAP server that resides on the <span class="keyword">Windows 2000</span> server
along with the Kerberos server. The Active Directory is used to store and
manage the information in a Kerberos user registry. Microsoft Windows Active
Directory uses Kerberos authentication as its default security mechanism.
Therefore, if you are using Microsoft Active Directory to manage
your users, you are already using Kerberos technology.</dd>
</dl>
</dd>
</dl>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamzconcepts.htm" title="Use this information to learn about the underlying concepts for single signon for a better understanding of how you can plan to use single signon in your enterprise.">Concepts</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../rzalv/rzalvmst.htm">Enterprise Identity Mapping (EIM) Overview</a></div>
<div><a href="../rzalv/rzalveservercncpts.htm">Enterprise Identity Mapping Concepts</a></div>
<div><a href="../rzakh/rzakhconcept.htm">Network authentication service</a></div>
</div>
</div>
</body>
</html>