Kerberos ticket extensions
draft-ietf-krb-wg-ticket-extensions-00
Group | Field | Value
---|---|---
Document | Type | Expired Internet-Draft (krb-wg WG); Expired & archived
 | Author | Love Astrand
 | Last updated | 2008-11-18
 | Replaces | draft-lha-krb-wg-ticket-extensions
 | RFC stream | Internet Engineering Task Force (IETF)
 | Intended RFC status | (None)
 | Additional resources | Mailing list discussion
Stream | WG state | WG Document
 | Document shepherd | (None)
IESG | IESG state | Expired
 | Consensus boilerplate | Unknown
 | Telechat date | (None)
 | Responsible AD | (None)
 | Send notices to | (None)
This Internet-Draft is no longer active.
Abstract
The Kerberos protocol does not allow ticket extensions. This makes it harder to deploy features like PKCROSS. Since the Kerberos protocol did not specify extensibility for the Ticket structure, and current implementations are aware of the contents of tickets, the extension protocol cannot simply extend the Ticket ASN.1 structure. Instead, the extension data needs to be hidden inside the ticket. This protocol defines two methods to extend tickets. The first method requires updated clients and is more in line with the future development of Kerberos. The second method does not require updated clients. To take advantage of this protocol, the server (KDC or application server) needs to be updated as well. The two methods are equivalent, and there is a 1-1 mapping between them.