@techreport{ietf-kitten-iakerb-03,
    number =    {draft-ietf-kitten-iakerb-03},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-kitten-iakerb/03/},
    author =    {Benjamin Kaduk and Jim Schaad and Larry Zhu and Jeffrey E. Altman},
    title =     {{Initial and Pass Through Authentication Using Kerberos V5 and the GSS- API (IAKERB)}},
    pagetotal = 13,
    year =      2017,
    month =     mar,
    day =       30,
    abstract =  {This document defines extensions to the Kerberos protocol and the GSS-API Kerberos mechanism that enable a GSS-API Kerberos client to exchange messages with the KDC by using the GSS-API acceptor as a proxy, encapsulating the Kerberos messages inside GSS-API tokens. With these extensions a client can obtain Kerberos tickets for services where the KDC is not accessible to the client, but is accessible to the application server.},
}