Skip to main content

Bootstrapping Kerberos

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Hannes Tschofenig
Last updated 2004-07-13
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document proposes a mechanism to obtain a Kerberos Ticket Granting Ticket based on a successful EAP authentication and key agreement message exchange. The initial network access authentication procedure based on EAP is ideal for this purpose. This proposal allows Kerberos to be used within a local network without relying on a global Kerberos infrastructure. It should allow an incremental deployment of Kerberos and a wider distribution of Kerberos into roaming environments.


Hannes Tschofenig

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)