@techreport{ietf-cat-iakerb-09,
    number =    {draft-ietf-cat-iakerb-09},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-cat-iakerb/09/},
    author =    {Dr. Bernard D. Aboba and Glen Zorn and Dr. Jonathan Trostle and Michael Swift},
    title =     {{Initial and Pass Through Authentication Using Kerberos V5 and GSS-API (IAKERB)}},
    pagetotal = 13,
    year =      2002,
    month =     oct,
    day =       7,
    abstract =  {This document defines extensions to the Kerberos protocol specification (RFC 1510 {[}1{]}) and GSSAPI Kerberos protocol mechanism (RFC 1964 {[}2{]}) that enables a client to obtain Kerberos tickets for services where the KDC is not accessible to the client, but is accessible to the application server. Some common scenarios where lack of accessibility would occur are when the client does not have an IP address prior to authenticating to an access point, the client is unable to locate a KDC, or a KDC is behind a firewall. The document specifies two protocols to allow a client to exchange KDC messages (which are GSS encapsulated) with an IAKERB proxy instead of a KDC.},
}