The Kerberos Version 5 GSS-API Mechanism (RFC1964)

IP.com Disclosure Number: IPCOM000004188D
Original Publication Date: 1996-Jun-01
Included in the Prior Art Database: 2019-Feb-12
Document File: 20 page(s) / 28K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Linn: AUTHOR

Related Documents

10.17487/RFC1964: DOI

Abstract

This specification defines protocols, procedures, and conventions to be employed by peers implementing the Generic Security Service Application Program Interface (as specified in RFCs 1508 and 1509) when using Kerberos Version 5 technology (as specified in RFC 1510). [STANDARDS-TRACK]

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group                                            J. Linn
Request for Comments: 1964                       OpenVision Technologies
Category: Standards Track                                      June 1996

The Kerberos Version 5 GSS-API Mechanism

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

ABSTRACT

This specification defines protocols, procedures, and conventions to be employed by peers implementing the Generic Security Service Application Program Interface (as specified in RFCs 1508 and 1509) when using Kerberos Version 5 technology (as specified in RFC 1510).

ACKNOWLEDGMENTS

Much of the material in this memo is based on working documents drafted by John Wray of Digital Equipment Corporation and on discussions, implementation activities, and interoperability testing involving Marc Horowitz, Ted Ts’o, and John Wray. Particular thanks are due to each of these individuals for their contributions towards development and availability of GSS-API support within the Kerberos Version 5 code base.

1. Token Formats

This section discusses protocol-visible characteristics of the GSS-API mechanism to be implemented atop Kerberos V5 security technology per RFC-1508 and RFC-1510; it defines elements of protocol for interoperability and is independent of language bindings per RFC-1509.

Tokens transferred between GSS-API peers (for security context management and per-message protection purposes) are defined. The data elements exchanged between a GSS-API endpoint implementation and the Kerberos KDC are not specific to GSS-API usage and are therefore defined within RFC-1510 rather than within this specification.

To support ongoing experimentation, testing, and evolution of the specification, the Kerberos V5 GSS-API mechanism as defined in this and any successor memos will be identified with the following Object Identifier, as defined in RFC-1510, until the specification is advanced to the level of Proposed Standard RFC:

{iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}

Upon advancement to the level of Proposed Standard RFC, the Kerberos V5 GSS-API mechanism will be identified by an Object Identifier having the value:

{iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) krb5(2)}

1.1. Context Establishment Tokens

Per RFC-1508, Appendix B, the initial context establishment token will be enclosed within framing as follows:

   InitialContextToken ::=
   [APPLICATION 0] IMPLICIT SEQUENCE {
           thisMech        MechType
                   -- MechType is OBJECT IDENTIFIER
                   -- representing "Kerberos V5"
           innerContextToken ANY DEFINED BY thisMech
                   -- contents mechanism-specific;
                   -- ASN.1 usage within innerContextToken
                   -- is not required
           }
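The framing above, as an added example that is not part of RFC 1964 or of this database record: Python code that DER-encodes the two mechanism OIDs given in section 1, wraps an opaque inner token in the [APPLICATION 0] framing, and parses it back with strict length and mechanism checks. The function names and the constructed inner-token bytes used to exercise it are assumptions made for illustration.

```python
# Added example (not from RFC 1964): function names here are hypothetical.
def encode_len(n):  # DER definite length, short form below 0x80, else long form
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def encode_oid(arcs):
    """DER-encode an OBJECT IDENTIFIER (tag 0x06) from its integer arcs."""
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                # low 7 bits, no continuation bit
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        body.extend(reversed(chunk))
    return b"\x06" + encode_len(len(body)) + bytes(body)

def read_len(buf, pos):
    """Return (length, next_pos); reject truncated or indefinite lengths."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first, n = buf[pos], buf[pos] & 0x7F
    if first < 0x80:
        return first, pos + 1
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

# The two mechanism OIDs exactly as section 1 lists them.
KRB5_MECHS = {encode_oid((1, 2, 840, 113554, 1, 2, 2)): "krb5 Proposed Standard OID",
              encode_oid((1, 3, 5, 1, 5, 2)): "krb5 pre-standard OID"}

def wrap(mech_der, inner):  # [APPLICATION 0] IMPLICIT SEQUENCE is tag byte 0x60
    return b"\x60" + encode_len(len(mech_der) + len(inner)) + mech_der + inner

def unwrap(token):
    """Return (mechanism label, innerContextToken bytes) or raise ValueError."""
    if token[:1] != b"\x60":
        raise ValueError("not an [APPLICATION 0] token")
    length, pos = read_len(token, 1)
    end = pos + length
    if end != len(token) or token[pos:pos + 1] != b"\x06":
        raise ValueError("bad outer length or missing thisMech OID")
    oid_len, oid_start = read_len(token, pos + 1)
    mech = bytes(token[pos:oid_start + oid_len])
    if oid_start + oid_len > end or mech not in KRB5_MECHS:
        raise ValueError("thisMech is not a Kerberos V5 OID")
    return KRB5_MECHS[mech], token[oid_start + oid_len:end]
```

Because innerContextToken is not required to be ASN.1, the parser returns it as raw bytes and leaves its interpretation to the mechanism.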

The innerContextToken of the initial co...
