OAuth 2.0 support for the Kerberos V5 Authentication Protocol

Document Type Expired Internet-Draft (individual)
Author Thomas Hardjono 
Last updated 2010-12-08
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This draft proposes an OAuth2.0 profile for Kerberos v5. We compare the Kerberos protocol flow with the OAuth protocol flow and as far as possible map the relevant parameters in Kerberos to OAuth parameters. We propose the use of the OAuth 2.0 message flows and its tokens to carry Kerberos TGTs and Service Tickets in an opaque manner.


Thomas Hardjono (hardjono@mit.edu)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)