Many existing authentication protocols supporting inter-domain authentication on the Internet require their clients to communicate with every involved key distribution center (KDC) directly. This is inefficient and costly when the client side is a wireless mobile unit, for wireless transmission has relatively lower bandwidth, and a mobile unit is battery powered. In this paper, we present a mobile authentication protocol which only needs seven messages for inter-domain initial authentication regardless of the number of hops transited between the visited and home domains; four messages for subsequent authentication when the mobile user requests a different service provided by the visited domain; and two messages when the same service is requested again. With the enhanced version of BAN logic we propose, it is proved that our protocol can achieve more goals of authentication than those required by the original BAN logic.