RFC 4120: The Kerberos Network Authentication Servi...

The Kerberos Network Authentication Service (V5)


1. Introduction
1.1. The Kerberos Protocol
1.2. Cross-Realm Operation
1.3. Choosing a Principal with Which to Communicate
1.4. Authorization
1.5. Extending Kerberos without Breaking Interoperability
1.5.1. Compatibility with RFC 1510
1.5.2. Sending Extensible Messages
1.6. Environmental Assumptions
1.7. Glossary of Terms
2. Ticket Flag Uses and Requests
2.1. Initial, Pre-authenticated, and Hardware-Authenticated Tickets
2.2. Invalid Tickets
2.3. Renewable Tickets
2.4. Postdated Tickets
2.5. Proxiable and Proxy Tickets
2.6. Forwardable Tickets
2.7. Transited Policy Checking
2.8. OK as Delegate
2.9. Other KDC Options
2.9.1. Renewable-OK
2.9.2. ENC-TKT-IN-SKEY
2.9.3. Passwordless Hardware Authentication
3. Message Exchanges
3.1. The Authentication Service Exchange
3.1.1. Generation of KRB_AS_REQ Message
3.1.2. Receipt of KRB_AS_REQ Message
3.1.3. Generation of KRB_AS_REP Message
3.1.4. Generation of KRB_ERROR Message
3.1.5. Receipt of KRB_AS_REP Message
3.1.6. Receipt of KRB_ERROR Message
3.2. The Client/Server Authentication Exchange
3.2.1. The KRB_AP_REQ Message
3.2.2. Generation of a KRB_AP_REQ Message
3.2.3. Receipt of KRB_AP_REQ Message
3.2.4. Generation of a KRB_AP_REP Message
3.2.5. Receipt of KRB_AP_REP Message
3.2.6. Using the Encryption Key
3.3. The Ticket-Granting Service (TGS) Exchange
3.3.1. Generation of KRB_TGS_REQ Message
3.3.2. Receipt of KRB_TGS_REQ Message
3.3.3. Generation of KRB_TGS_REP Message
3.3.3.1. Checking for Revoked Tickets
3.3.3.2. Encoding the Transited Field
3.3.4. Receipt of KRB_TGS_REP Message
3.4. The KRB_SAFE Exchange
3.4.1. Generation of a KRB_SAFE Message
3.4.2. Receipt of KRB_SAFE Message
3.5. The KRB_PRIV Exchange
3.5.1. Generation of a KRB_PRIV Message
3.5.2. Receipt of KRB_PRIV Message
3.6. The KRB_CRED Exchange
3.6.1. Generation of a KRB_CRED Message
3.6.2. Receipt of KRB_CRED Message
3.7. User-to-User Authentication Exchanges
4. Encryption and Checksum Specifications
5. Message Specifications
5.1. Specific Compatibility Notes on ASN.1
5.1.1. ASN.1 Distinguished Encoding Rules
5.1.2. Optional Integer Fields
5.1.3. Empty SEQUENCE OF Types
5.1.4. Unrecognized Tag Numbers
5.1.5. Tag Numbers Greater Than 30
5.2. Basic Kerberos Types
5.2.1. KerberosString
5.2.2. Realm and PrincipalName
5.2.3. KerberosTime
5.2.4. Constrained Integer Types
5.2.5. HostAddress and HostAddresses
5.2.6. AuthorizationData
5.2.6.1. IF-RELEVANT
5.2.6.2. KDCIssued
5.2.6.3. AND-OR
5.2.6.4. MANDATORY-FOR-KDC
5.2.7. PA-DATA
5.2.7.1. PA-TGS-REQ
5.2.7.2. Encrypted Timestamp Pre-authentication
5.2.7.3. PA-PW-SALT
5.2.7.4. PA-ETYPE-INFO
5.2.7.5. PA-ETYPE-INFO2
5.2.8. KerberosFlags
5.2.9. Cryptosystem-Related Types
5.3. Tickets
5.4. Specifications for the AS and TGS Exchanges
5.4.1. KRB_KDC_REQ Definition
5.4.2. KRB_KDC_REP Definition
5.5. Client/Server (CS) Message Specifications
5.5.1. KRB_AP_REQ Definition
5.5.2. KRB_AP_REP Definition
5.5.3. Error Message Reply
5.6. KRB_SAFE Message Specification
5.6.1. KRB_SAFE definition
5.7. KRB_PRIV Message Specification
5.7.1. KRB_PRIV Definition
5.8. KRB_CRED Message Specification
5.8.1. KRB_CRED Definition
5.9. Error Message Specification
5.9.1. KRB_ERROR Definition
5.10. Application Tag Numbers
6. Naming Constraints
6.1. Realm Names
6.2. Principal Names
6.2.1. Name of Server Principals
7. Constants and Other Defined Values
7.1. Host Address Types
7.2. KDC Messaging: IP Transports
7.2.1. UDP/IP transport
7.2.2. TCP/IP Transport
7.2.3. KDC Discovery on IP Networks
7.2.3.1. DNS vs. Kerberos: Case Sensitivity of Realm Names
7.2.3.2. Specifying KDC Location Information with DNS SRV records
7.2.3.3. KDC Discovery for Domain Style Realm Names on IP Networks
7.3. Name of the TGS
7.4. OID Arc for KerberosV5
7.5. Protocol Constants and Associated Values
7.5.1. Key Usage Numbers
7.5.2. PreAuthentication Data Types
7.5.3. Address Types
7.5.4. Authorization Data Types
7.5.5. Transited Encoding Types
7.5.6. Protocol Version Number
7.5.7. Kerberos Message Types
7.5.8. Name Types
7.5.9. Error Codes
8. Interoperability Requirements
8.1. Specification 2
8.2. Recommended KDC Values
9. IANA Considerations
10. Security Considerations
11. Acknowledgements
11.1. A. ASN.1 module
11.2. B. Changes since RFC 1510
12. ENDNOTES
13. Normative References
14. Informative References
15. Authors' Addresses
16. Full Copyright Statement
17. Intellectual Property
18. Acknowledgement
