Authentication Indicator in Kerberos tickets

Document Type Replaced Internet-Draft (individual)
Authors Anupam Jain  , Nathan Kinder  , Nathaniel McCallum 
Last updated 2015-03-01 (latest revision 2014-08-28)
Replaced by RFC 8129
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-kitten-krb-auth-indicator
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document proposes an extension in the Kerberos protocol. It defines a new Authorization Data Type AUTHENTICATION-INDICATOR. The purpose of introducing this data type is to include an indicator of the client's authentication strength in the service tickets so that the application services can use it as an input into policy decisions.


Anupam Jain (
Nathan Kinder (
Nathaniel McCallum (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)