%% You should probably cite draft-ietf-krb-wg-ticket-extensions instead of this I-D. @techreport{lha-krb-wg-ticket-extensions-02, number = {draft-lha-krb-wg-ticket-extensions-02}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-lha-krb-wg-ticket-extensions/02/}, author = {Love Astrand}, title = {{Kerberos ticket extensions}}, pagetotal = 17, year = 2008, month = sep, day = 14, abstract = {The Kerberos protocol does not allow ticket extensions. This make it harder to deploy features like referrals and PKCROSS. Since the Kerberos protocol did not specified extensibility for the Ticket structure and the current implementations are aware of the contents of tickets, the extension protocol cannot simply extend the Ticket ASN.1 structure. Instead, the extension data needs to be hidden inside the ticket. This protocol defines two methods to add extend the tickets. The first method requires updated clients and is more in line with the future development of Kerberos. The second way does not require update client. To take advantage of this protocol the server (KDC or application server) need to update a well. The two methods are equivalent and there is a 1-1 mapping between them.}, }