Skip to main content

A Generalized Framework for Kerberos Pre-Authentication
RFC 6113

Revision differences

Document history

Date By Action
2018-12-20
(System)
Received changes through RFC Editor sync (changed abstract to 'Kerberos is a protocol for verifying the identity of principals (e.g., a workstation user or a …
Received changes through RFC Editor sync (changed abstract to 'Kerberos is a protocol for verifying the identity of principals (e.g., a workstation user or a network server) on an open network. The Kerberos protocol provides a facility called pre-authentication. Pre-authentication mechanisms can use this facility to extend the Kerberos protocol and prove the identity of a principal.

This document describes a more formal model for this facility. The model describes what state in the Kerberos request a pre-authentication mechanism is likely to change. It also describes how multiple pre-authentication mechanisms used in the same request will interact.

This document also provides common tools needed by multiple pre-authentication mechanisms. One of these tools is a secure channel between the client and the key distribution center with a reply key strengthening mechanism; this secure channel can be used to protect the authentication exchange and thus eliminate offline dictionary attacks. With these tools, it is relatively straightforward to chain multiple authentication mechanisms, utilize a different key management system, or support a new key agreement algorithm. [STANDARDS-TRACK]')
2015-10-14
(System) Notify list changed from krb-wg-chairs@ietf.org, draft-ietf-krb-wg-preauth-framework@ietf.org to (None)
2011-04-21
Cindy Morgan State changed to RFC Published from RFC Ed Queue.
2011-04-21
Cindy Morgan [Note]: 'RFC 6113' added by Cindy Morgan
2011-04-20
(System) RFC published