1.2.3 - Standards
The Kerberos protocol is based on public RFCs. There is also a Kerberos working group at the IETF; you can check this page.
Obsoleted RFCs
- RFC 1411 - Telnet Authentication: Kerberos Version 4
- RFC 1510 - The Kerberos Network Authentication Service (V5) (Obsoleted by 4120, 6649)
Valid RFCs and updates
- RFC 1964 - The Kerberos Version 5 GSS-API Mechanism (updated by 4121, 6649)
- RFC 2623 - NFS Version 2 and Version 3 Security Issues and the NFS Protocol’s Use of RPCSEC_GSS and Kerberos V5
- RFC 2712 - Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)
- RFC 2942 - Telnet Authentication: Kerberos Version 5
- RFC 3244 - Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
- RFC 3961 - Encryption and Checksum Specifications for Kerberos 5
- RFC 3962 - Advanced Encryption Standard (AES) Encryption for Kerberos 5
- RFC 4120 - The Kerberos Network Authentication Service (V5) (Updated by 4537, 5021, 5896, 6111, 6112, 6113, 6649, 6806)
- RFC 4121 - The Kerberos Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2 (Updated by 6112, 6542, 6649)
- RFC 4402 - A Pseudo-Random Function (PRF) for the Kerberos V Generic Security Service Application Program Interface (GSS-API) Mechanism
- RFC 4537 - Kerberos Cryptosystem Negotiation Extension
- RFC 4556 - Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) (updated by 6612)
- RFC 4557 - Online Certificate Status Protocol (OCSP) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
- RFC 4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows
- RFC 4752 - The Kerberos V5 (“GSSAPI”) Simple Authentication and Security Layer (SASL) Mechanism
- RFC 4757 - The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows (updated by 6649)
- RFC 5021 - Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges over TCP
- RFC 5179 - Generic Security Service Application Program Interface (GSS-API) Domain-Based Service Names Mapping for the Kerberos V GSS Mechanism
- RFC 5349 - Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
- RFC 5868 - Problem Statement on the Cross-Realm Operation of Kerberos
- RFC 5896 - Generic Security Service Application Program Interface (GSS-API): Delegate if Approved by Policy
- RFC 6111 - Additional Kerberos Naming Constraints
- RFC 6112 - Anonymity Support for Kerberos
- RFC 6113 - A Generalized Framework for Kerberos Pre-Authentication
- RFC 6251 - Using Kerberos Version 5 over the Transport Layer Security (TLS) Protocol
- RFC 6448 - The Unencrypted Form of Kerberos 5 KRB-CRED Message
- RFC 6542 - Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Channel Binding Hash Agility
- RFC 6560 - One-Time Password (OTP) Pre-Authentication
- RFC 6649 - Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos
- RFC 6784 - Kerberos Options for DHCPv6
- RFC 6803 - Camellia Encryption for Kerberos 5
- RFC 6806 - Kerberos Principal Name Canonicalization and Cross-Realm Referrals
Here are some drafts:
- draft-burgin-kerberos-aes-cbc-hmac-sha2 - AES Encryption with HMAC-SHA2 for Kerberos 5
- draft-burgin-kerberos-suiteb - Suite B Profile for Kerberos 5
- draft-ietf-kitten-kerberos-iana-registries - Move Kerberos protocol parameter registries to IANA
- draft-ietf-krb-wg-cammac - Kerberos Authorization Data Container Authenticated by Multiple MACs
- draft-ietf-krb-wg-kdc-model - An information model for Kerberos version 5
- draft-ietf-krb-wg-pkinit-alg-agility - PKINIT Algorithm Agility
- draft-perez-krb-wg-gss-preauth - GSS-API pre-authentication for Kerberos (draft-perez-krb-wg-gss-preauth-02)