The Kerberos Version 5 GSS-API Mechanism (RFC1964)

IP.com Disclosure Number: IPCOM000004188D
Original Publication Date: 1996-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 17 page(s) / 44K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Linn: AUTHOR

Abstract

This specification defines protocols, procedures, and conventions to be employed by peers implementing the Generic Security Service Application Program Interface (as specified in RFCs 1508 and 1509) when using Kerberos Version 5 technology (as specified in RFC 1510).

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group                                            J. Linn
Request for Comments: 1964                       OpenVision Technologies
Category: Standards Track                                      June 1996

The Kerberos Version 5 GSS-API Mechanism

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

ABSTRACT

This specification defines protocols, procedures, and conventions to be employed by peers implementing the Generic Security Service Application Program Interface (as specified in RFCs 1508 and 1509) when using Kerberos Version 5 technology (as specified in RFC 1510).

ACKNOWLEDGMENTS

Much of the material in this memo is based on working documents drafted by John Wray of Digital Equipment Corporation and on discussions, implementation activities, and interoperability testing involving Marc Horowitz, Ted Ts'o, and John Wray. Particular thanks are due to each of these individuals for their contributions towards development and availability of GSS-API support within the Kerberos Version 5 code base.

1. Token Formats

This section discusses protocol-visible characteristics of the GSS-API mechanism to be implemented atop Kerberos V5 security technology per RFC-1508 and RFC-1510; it defines elements of protocol for interoperability and is independent of language bindings per RFC-1509.

Tokens transferred between GSS-API peers (for security context management and per-message protection purposes) are defined. The data elements exchanged between a GSS-API endpoint implementation and the Kerberos KDC are not specific to GSS-API usage and are therefore defined within RFC-1510 rather than within this specification.

To support ongoing experimentation, testing, and evolution of the specification, the Kerberos V5 GSS-API mechanism as defined in this and any successor memos will be identified with the following Object Identifier, as defined in RFC-1510, until the specification is advanced to the level of Proposed Standard RFC:

{iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}

Upon advancement to the level of Proposed Standard RFC, the Kerberos V5 GSS-API mechanism will be identified by an Object Identifier having the value:

{iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) krb5(2)}

1.1. Context Establishment Tokens

Per RFC-1508, Appendix B, the initial context establishment token will be enclosed within framing as follows:

   InitialContextToken ::=
   [APPLICATION 0] IMPLICIT SEQUENCE {
           thisMech        MechType
                   -- MechType is OBJECT IDENTIFIER
                   -- representing "Kerberos V5"
   ...
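
The following Python example parses the [APPLICATION 0] framing shown above and checks thisMech against the two Object Identifiers quoted in this section. It is added here and is not taken from RFC 1964 or from any Kerberos code base; the function names and the sample token are constructed, and the bytes after thisMech are treated as opaque because this abbreviated text elides them.

```python
# Added example, not from RFC 1964. Arc values are the two OIDs quoted above.
KRB5_PRE_STANDARD = (1, 3, 5, 1, 5, 2)
KRB5_MECH = (1, 2, 840, 113554, 1, 2, 2)

def encode_oid(arcs):
    """Return the DER content octets of an OBJECT IDENTIFIER."""
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                   # last base-128 digit, no high bit
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))  # earlier digits set the high bit
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def read_length(buf, pos):
    """Read a definite length at buf[pos]; return (length, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first, pos = buf[pos], pos + 1
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n

def parse_initial_context_token(token):
    """Return (thisMech content octets, remaining bytes) or raise ValueError."""
    if not token or token[0] != 0x60:            # [APPLICATION 0], constructed
        raise ValueError("not an InitialContextToken")
    length, pos = read_length(token, 1)
    if pos + length != len(token):
        raise ValueError("outer length does not match token size")
    if pos >= len(token) or token[pos] != 0x06:  # OBJECT IDENTIFIER tag
        raise ValueError("thisMech is not an OBJECT IDENTIFIER")
    oid_len, pos = read_length(token, pos + 1)
    if pos + oid_len > len(token):
        raise ValueError("OID overruns token")
    return token[pos:pos + oid_len], token[pos + oid_len:]

def is_krb5_token(token):
    """True if thisMech is either Kerberos V5 OID given in the text."""
    oid, _ = parse_initial_context_token(token)
    return oid in (encode_oid(KRB5_MECH), encode_oid(KRB5_PRE_STANDARD))

# Constructed sample: framing + krb5 OID + 4 placeholder bytes (not a real token).
SAMPLE = bytes.fromhex("600f06092a864886f712010202deadbeef")
```

Rejecting a token whose outer length disagrees with the buffer size, before looking at the mechanism OID, keeps malformed input from reaching the mechanism-specific parser.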