Browse Prior Art Database

The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2 (RFC4121)

IP.com Disclosure Number: IPCOM000126391D
Original Publication Date: 2005-Jul-01
Included in the Prior Art Database: 2005-Jul-14
Document File: 21 page(s) / 44K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

L. Zhu: AUTHOR [+3]

Abstract

This document defines protocols, procedures, and conventions to be employed by peers implementing the Generic Security Service Application Program Interface (GSS-API) when using the Kerberos Version 5 mechanism.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 6% of the total text.

Network Working Group                                             L. Zhu
Request for Comments: 4121                                 K. Jaganathan
Updates: 1964                                                  Microsoft
Category: Standards Track                                     S. Hartman
                                                                     MIT
                                                               July 2005


                        The Kerberos Version 5
   Generic Security Service Application Program Interface (GSS-API)
                         Mechanism: Version 2

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document defines protocols, procedures, and conventions to be
   employed by peers implementing the Generic Security Service
   Application Program Interface (GSS-API) when using the Kerberos
   Version 5 mechanism.

   RFC 1964 is updated and incremental changes are proposed in response
   to recent developments such as the introduction of Kerberos
   cryptosystem framework.  These changes support the inclusion of new
   cryptosystems, by defining new per-message tokens along with their
   encryption and checksum algorithms based on the cryptosystem
   profiles.


Zhu, et al.                 Standards Track                     [Page 1]
RFC 4121               Kerberos Version 5 GSS-API              July 2005


Table of Contents

   1. Introduction ....................................................2
   2. Key Derivation for Per-Message Tokens ...........................4
   3. Quality of Protection ...........................................4
   4. Definitions and Token Formats ...................................5
      4.1. Context Establishment Tokens ...............................5
           4.1.1. Authenticator Checksum ..............................6
      4.2. Per-Message Tokens .........................................9
           4.2.1. Sequence Number .....................................9
           4.2.2. Flags Field .........................................9
           4.2.3. EC Field ..................................