Authentication Indicator in Kerberos tickets

The information below is for an old version of the document
Document Type Expired Internet-Draft (individual)
Authors Anupam Jain  , Nathan Kinder  , Nathaniel McCallum 
Last updated 2014-04-21 (latest revision 2013-10-18)
Replaced by RFC 8129, RFC 8129
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document proposes an extension in the Kerberos protocol. It defines a new Authorization Data Type AUTHENTICATION-INDICATOR. The purpose of introducing this data type is to include an indicator of the client's authentication strength in the service tickets so that the application services can use it as an input into policy decisions.


Anupam Jain (
Nathan Kinder (
Nathaniel McCallum (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)