Problem Statement on the Cross-Realm Operation of Kerberos
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>, krb-wg mailing list <email@example.com>, krb-wg chair <firstname.lastname@example.org> Subject: Document Action: 'Problem statement on the cross-realm operation of Kerberos' to Informational RFC The IESG has approved the following document: - 'Problem statement on the cross-realm operation of Kerberos ' <draft-ietf-krb-wg-cross-problem-statement-06.txt> as an Informational RFC This document is the product of the Kerberos Working Group. The IESG contact persons are Tim Polk and Pasi Eronen. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-cross-problem-statement-06.txt
Technical Summary There are some issues when the cross-realm operation of the Kerberos Version 5 [RFC4120] will emerge when deployed into real world systems. This document describes two classes of fairly complex systems where cross-realm kereberos could be applied, and lists requirements and restriction of the operation in such systems. Then it describes issues when we apply the cross-realm operation to such systems. Working Group Summary This document represents the consensus of the Kerberos Working Group. Document Quality This document does not specify a protocol; rather, it analyzes the use of Kerberos cross-realm authentication and discusses a number of issues which may impede some deployments. Solutions to some of these problems are under active development. Personnel The Document Shepherd for this document is Jeffrey Hutzelman. The responsible Area Director is Tim Polk.