A trust domain is defined as?

Asked by AnilJha in Cyber Security, Asked on Apr 6, 2022

In the Microsoft documentation about using Kerberos, it is stated that: "Both the server and the client computers must be members of the same Windows domain or members of trusted domains."


If this criterion fails, then Windows will revert to NTLM authentication.

I understand the concept that a client computer being in a Windows domain will satisfy the criterion for Kerberos authentication, but I am interested in the other part of the OR criterion, "or members of a trusted domain".


How is this membership defined? The definition here is not very clear. More specifically I would like to provide membership to a Linux based machine. Is this outside of Microsoft's intended design when they designed the definition of a "trusted domain"?


Answered by Anisha Dalal

A trusted domain is defined as another Active Directory domain from which security principals can be recognized. For example, a child domain controller can recognize accounts from its parent domain, and principals from the parent domain can be members of security groups in the child domain. In two-way trusts, either domain can recognize security principals from the other. (Parent-child trusts are automatically created as two-way trusts, but you can set up any kind of trust you want manually.) Trusts can also link domains that were previously completely separate, i.e. not part of the same forest. There is a trust password used to set up the secure channel. You can manage trusts with the Active Directory Domains and Trusts snap-in.
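Beyond the snap-in, the same trust objects can be read from PowerShell. The script below is an added example, not part of the answer above; it assumes the RSAT ActiveDirectory module is installed and the caller can read trust objects, and it lists each trust with its direction and flags the settings (two-way, forest-transitive, SID filtering off, no selective authentication) that widen which foreign principals the domain will recognize.

```powershell
# Added example (not from the original answer): inventory this domain's
# trusts and mark the ones that deserve a closer look.
# Assumes: RSAT ActiveDirectory module, read access to trust objects.
Import-Module ActiveDirectory

function Get-TrustReview {
    $trusts = Get-ADTrust -Filter * -Properties *

    foreach ($t in $trusts) {
        $notes = @()

        # BiDirectional: each side recognizes the other's security principals.
        if ($t.Direction -eq 'BiDirectional') { $notes += 'two-way' }

        # Forest-transitive: every domain in the other forest is reachable.
        if ($t.ForestTransitive) { $notes += 'forest-transitive' }

        # On an external (non-forest) trust, SID filtering quarantine stops
        # SIDs from the other domain's SIDHistory being honoured here.
        if (-not $t.IntraForest -and -not $t.SIDFilteringQuarantined) {
            $notes += 'SID filtering disabled'
        }

        # Selective authentication restricts which foreign principals may
        # authenticate to resources in this domain.
        if (-not $t.SelectiveAuthentication) { $notes += 'no selective auth' }

        [pscustomobject]@{
            Source    = $t.Source
            Target    = $t.Target
            Direction = $t.Direction
            TrustType = $t.TrustType
            Review    = ($notes -join ', ')
        }
    }
}

Get-TrustReview | Format-Table -AutoSize
```

Run it on a domain controller or any domain-joined host with RSAT; a trust with several entries in the Review column is the one to document and justify first.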


