Initial and Pass Through Authentication Using Kerberos V5 and GSS-API (IAKERB)
draft-ietf-cat-iakerb-09
| Document | Type |
Expired Internet-Draft
(krb-wg WG)
Expired & archived
|
|
|---|---|---|---|
| Authors | Dr. Bernard D. Aboba , Glen Zorn , Dr. Jonathan Trostle , Michael Swift | ||
| Last updated | 2004-02-13 (Latest revision 2002-10-07) | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | Proposed Standard | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | Dead WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | Expired (IESG: Dead) | |
| Action Holders |
(None)
|
||
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | Russ Housley | ||
| Send notices to | <deengert@anl.gov> |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document defines extensions to the Kerberos protocol specification (RFC 1510 [1]) and GSSAPI Kerberos protocol mechanism (RFC 1964 [2]) that enables a client to obtain Kerberos tickets for services where the KDC is not accessible to the client, but is accessible to the application server. Some common scenarios where lack of accessibility would occur are when the client does not have an IP address prior to authenticating to an access point, the client is unable to locate a KDC, or a KDC is behind a firewall. The document specifies two protocols to allow a client to exchange KDC messages (which are GSS encapsulated) with an IAKERB proxy instead of a KDC.
Authors
Dr. Bernard D. Aboba
Glen Zorn
Dr. Jonathan Trostle
Michael Swift
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)