We have a client/server setup in two different domains that implement kerberos authentication. In order for the authentication to work we need to set up a trust between the two domain controllers. In our test lab the two domain controllers are able to reach each other, and the trust is easily created via the trust management interface.
However, in our future production environment only our clients and servers have connection, while their respective domain controllers are not able to reach each other.
Every tutorial and guide I've come across seem to suppose that the two domain controllers are on the same network, or at least open for internet traffic. Ours are not. Is there a way to set up a trust that does not require connection?