XKDCP, the Inter-KDC protocol for cross-realm operations in Kerberos.
draft-zrelli-krb-xkdcp-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Author | Saber Zrelli | ||
| Last updated | 2006-06-19 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This memo proposes protocol extensions to the Kerberos protocol specification. The extension (hereafter called XKDCP) offers a new cross-realm protocol for Kerberos. The XKDCP extension defines a protocol between Kerberos Key Distribution Centers (KDCs) that allows a KDC to build credentials even when the client or the requested service is not registered in the KDC's database (but registered in another KDC's database). The XKDCP extension defines two protocols: XTGSP (Inter Ticket Granting Service Protocol) and XASP (Inter Authentication Service Protocol). The XTGSP protocol can be used in remote access scenarios to allow the local KDC to deliver credentials for services located in remote realms. On the other hand, the XASP protocol can be used in case of cross-realm roaming scenarios to allow the visited KDC to deliver credentials for roaming users.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)