Skip to main content

OAuth 2.0 support for the Kerberos V5 Authentication Protocol

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Thomas Hardjono
Last updated 2010-12-08
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This draft proposes an OAuth2.0 profile for Kerberos v5. We compare the Kerberos protocol flow with the OAuth protocol flow and as far as possible map the relevant parameters in Kerberos to OAuth parameters. We propose the use of the OAuth 2.0 message flows and its tokens to carry Kerberos TGTs and Service Tickets in an opaque manner.


Thomas Hardjono

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)