Skip to main content

Problem Statement on the Cross-Realm Operation of Kerberos
RFC 5868

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: Internet Architecture Board <>,
    RFC Editor <>, 
    krb-wg mailing list <>, 
    krb-wg chair <>
Subject: Document Action: 'Problem statement on the cross-realm operation of Kerberos' to Informational RFC

The IESG has approved the following document:

- 'Problem statement on the cross-realm operation of Kerberos '
   <draft-ietf-krb-wg-cross-problem-statement-06.txt> as an Informational RFC

This document is the product of the Kerberos Working Group. 

The IESG contact persons are Tim Polk and Pasi Eronen.

A URL of this Internet-Draft is:

Ballot Text

Technical Summary

  There are some issues when the cross-realm operation of the Kerberos
  Version 5 [RFC4120] will emerge when deployed into real world systems.
  This document describes two classes of fairly complex systems where
  cross-realm kereberos could be applied, and lists requirements and
  restriction of the operation in such systems.  Then it describes issues

  when we apply the cross-realm operation to such systems.

Working Group Summary

  This document represents the consensus of the Kerberos Working Group.

Document Quality

  This document does not specify a protocol; rather, it analyzes the
  use of Kerberos cross-realm authentication and discusses a number
  of issues which may impede some deployments.  Solutions to some of
  these problems are under active development.


  The Document Shepherd for this document is Jeffrey Hutzelman.
  The responsible Area Director is Tim Polk.

RFC Editor Note