Initial and Pass Through Authentication Using Kerberos V5 and GSS-API (IAKERB)
draft-ietf-cat-iakerb-09
| Document | Type | Expired Internet-Draft (krb-wg WG) | |
|---|---|---|---|
| Authors | Dr. Bernard D. Aboba , Glen Zorn , Dr. Jonathan Trostle , Michael Swift | ||
| Last updated | 2004-02-13 (Latest revision 2002-10-07) | ||
| Stream | Internet Engineering Task Force (IETF) | ||
| Formats |
Expired & archived
plain text
htmlized
pdfized
bibtex
|
||
| Stream | WG state | Dead WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | Expired (IESG: Dead) | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | Russ Housley | ||
| Send notices to | <deengert@anl.gov> |
https://www.ietf.org/archive/id/draft-ietf-cat-iakerb-09.txt
Abstract
This document defines extensions to the Kerberos protocol specification (RFC 1510 [1]) and GSSAPI Kerberos protocol mechanism (RFC 1964 [2]) that enables a client to obtain Kerberos tickets for services where the KDC is not accessible to the client, but is accessible to the application server. Some common scenarios where lack of accessibility would occur are when the client does not have an IP address prior to authenticating to an access point, the client is unable to locate a KDC, or a KDC is behind a firewall. The document specifies two protocols to allow a client to exchange KDC messages (which are GSS encapsulated) with an IAKERB proxy instead of a KDC.
Authors
Dr. Bernard D. Aboba
Glen Zorn
Dr. Jonathan Trostle
Michael Swift
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)