background image
276 Chapter 8: AppleTalk
Master Domain
The single master domain model consists of at least two domains, which use the trust concept
to implement communication between domains. In this model, all other domains trust a master
domain. However, the master domain trusts no one. This option is advantageous when
departments or divisions want administrative control over their own services and resources but
still want to authenticate centrally. The master domain is a good choice for companies that have
too many users for a single domain because of central server resources, but that still want their
shared resources split into groups for management purposes. In the master domain model, user
accounts can be located in the master (trusted) domain, and resources can be located in the
resource (trusting) domain. Figure 8-11 depicts the master domain model.
Figure 8-11
Master Domain Model
Multiple Master Domains
In a multiple master domain, each master domain is linked to every other master domain by a
two-way trust. Every resource domain trusts each of the master domains but does not trust the
other resource domains (see Figure 8-12).
Figure 8-12
Multiple Master Domain Model
This model is designed to be a larger version of the master domain model. To restate, several
master domains all trust each other, and each department in turn trusts each of the master
Master
domain
Single
domain
Single
domain
Single
domain
Master
Domain
1
Domain
2
Domain
3
Master
Domain
1A
Domain
2A
Domain
3A
87200333.book Page 276 Wednesday, August 22, 2001 2:37 PM