Question about cross realm authentification

[Hubert Chomette]

Hi,

We try to unify authentification between two departements in our
university.
The two departments have their own kdc, so cross realm should be the
more interesting thing.
What I have understand, is that a client from site A with a TGT from A
can ask for a cross realm TGT for B site and access to all SSOised
application to B.
But suppose that a user from site A go to site B. How can he
authentificate on a machine from site B (linux/windows computers using
kdc B authentification)?
does cross realm permit such things? Or should this user have an
account on site B to?

Thank's for your help

Regards,

Hubert