content/apacheds/kerberos-ug/1.2.3-standards.mdtext - directory-site - Git at Google

 Title: 1.2.3 - Standards
 NavPrev: 1.2.2-microsoft-compatibility.html
 NavPrevText: 1.2.2 - Microsoft compatibility
 NavUp: 1.2-resources.html
 NavUpText: 1.2 - Resources
 NavNext: 2-kerberos-config.html
 NavNextText: 2 - Kerberos Configuration
 Notice: Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements.  See the NOTICE file
     distributed with this work for additional information
     regarding copyright ownership.  The ASF licenses this file
     to you under the Apache License, Version 2.0 (the
     "License"); you may not use this file except in compliance
     with the License.  You may obtain a copy of the License at
     .
     http://www.apache.org/licenses/LICENSE-2.0
     .
     Unless required by applicable law or agreed to in writing,
     software distributed under the License is distributed on an
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied.  See the License for the
     specific language governing permissions and limitations
     under the License.

 # 1.2.3 - Standards

 The **Kerberos** Protocol is based on public RFCs. There is also a Kerberos woking group at the IETF, you can check [this page](http://datatracker.ietf.org/wg/krb-wg/).

 ## Obsoleted RFCs

 * [RFC 1411](http://www.ietf.org/rfc/rfc1411.txt) - Telnet Authentication: Kerberos Version 4
 * [RFC 1510](http://www.ietf.org/rfc/rfc1510.txt) - The Kerberos Network Authentication Service (V5)  (Obsoleted by 4120, 6649)

 ## Valid RFS and updates

 * [RFC 1964](http://www.ietf.org/rfc/rfc1964.txt) - The Kerberos Version 5 GSS-API Mechanism (updated by 4121, 6649)
 * [RFC 2623](http://www.ietf.org/rfc/rfc2623.txt) - NFS Version 2 and Version 3 Security Issues and the NFS Protocol's Use of RPCSEC_GSS and Kerberos V5
 * [RFC 2712](http://www.ietf.org/rfc/rfc2712.txt) - Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)
 * [RFC 2942](http://www.ietf.org/rfc/rfc2942.txt) - Telnet Authentication: Kerberos Version 5
 * [RFC 3244](http://www.ietf.org/rfc/rfc3244.txt) - Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
 * [RFC 3961](http://www.ietf.org/rfc/rfc3961.txt) - Encryption and Checksum Specifications for Kerberos 5
 * [RFC 3962](http://www.ietf.org/rfc/rfc3962.txt) - Advanced Encryption Standard (AES) Encryption for Kerberos 5
 * [RFC 4120](http://www.ietf.org/rfc/rfc4120.txt) - The Kerberos Network Authentication Service (V5)  (Updated by 4537, 5021, 5896, 6111, 6112, 6113, 6649, 6806)
 * [RFC 4121](http://www.ietf.org/rfc/rfc4121.txt) - The Kerberos Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2 (Updated by 6112, 6542, 6649)
 * [RFC 4402](http://www.ietf.org/rfc/rfc4402.txt) - A Pseudo-Random Function (PRF) for the Kerberos V Generic Security Service Application Program Interface (GSS-API) Mechanism
 * [RFC 4537](http://www.ietf.org/rfc/rfc4537.txt) - Kerberos Cryptosystem Negotiation Extension
 * [RFC 4556](http://www.ietf.org/rfc/rfc4556.txt) - Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) (updated by 6612)
 * [RFC 4557](http://www.ietf.org/rfc/rfc4557.txt) - Online Certificate Status Protocol (OCSP) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
 * [RFC 4559](http://www.ietf.org/rfc/rfc4559.txt) - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows
 * [RFC 4752](http://www.ietf.org/rfc/rfc4752.txt) - The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism
 * [RFC 4757](http://www.ietf.org/rfc/rfc4757.txt) - The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows (updated by 6649)
 * [RFC 5021](http://www.ietf.org/rfc/rfc5021.txt) - Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges over TCP
 * [RFC 5179](http://www.ietf.org/rfc/rfc5179.txt) - Generic Security Service Application Program Interface (GSS-API) Domain-Based Service Names Mapping for the Kerberos V GSS Mechanism
 * [RFC 5349](http://www.ietf.org/rfc/rfc5349.txt) - Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
 * [RFC 5868](http://www.ietf.org/rfc/rfc5868.txt) - Problem Statement on the Cross-Realm Operation of Kerberos
 * [RFC 5896](http://www.ietf.org/rfc/rfc5896.txt) - Generic Security Service Application Program Interface (GSS-API): Delegate if Approved by Policy
 * [RFC 6111](http://www.ietf.org/rfc/rfc6111.txt) - Additional Kerberos Naming Constraints
 * [RFC 6112](http://www.ietf.org/rfc/rfc6112.txt) - Anonymity Support for Kerberos
 * [RFC 6113](http://www.ietf.org/rfc/rfc6113.txt) - A Generalized Framework for Kerberos Pre-Authentication
 * [RFC 6251](http://www.ietf.org/rfc/rfc6251.txt) - Using Kerberos Version 5 over the Transport Layer Security (TLS) Protocol
 * [RFC 6448](http://www.ietf.org/rfc/rfc6448.txt) - The Unencrypted Form of Kerberos 5 KRB-CRED Message
 * [RFC 6542](http://www.ietf.org/rfc/rfc6542.txt) - Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Channel Binding Hash Agility
 * [RFC 6560](http://www.ietf.org/rfc/rfc6560.txt) - One-Time Password (OTP) Pre-Authentication
 * [RFC 6649](http://www.ietf.org/rfc/rfc6649.txt) - Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos
 * [RFC 6784](http://www.ietf.org/rfc/rfc6784.txt) - Kerberos Options for DHCPv6
 * [RFC 6803](http://www.ietf.org/rfc/rfc6803.txt) - Camellia Encryption for Kerberos 5
 * [RFC 6806](http://www.ietf.org/rfc/rfc6806.txt) - Kerberos Principal Name Canonicalization and Cross-Realm Referrals

 ## Here are some drafts :

 * [draft-burgin-kerberos-aes-cbc-hmac-sha2](http://www.ietf.org/id/draft-burgin-kerberos-aes-cbc-hmac-sha2-02.txt) - AES Encryption with HMAC-SHA2 for Kerberos 5
 * [draft-burgin-kerberos-suiteb](http://www.ietf.org/id/draft-burgin-kerberos-suiteb-01.txt) - Suite B Profile for Kerberos 5
 * [draft-ietf-kitten-kerberos-iana-registries](http://www.ietf.org/id/draft-ietf-kitten-kerberos-iana-registries-00.txt) - Move Kerberos protocol parameter registries to IANA
 * [draft-ietf-krb-wg-cammac](http://www.ietf.org/id/draft-ietf-krb-wg-cammac-03.txt) - Kerberos Authorization Data Container Authenticated by Multiple MACs
 * [draft-ietf-krb-wg-kdc-model](http://www.ietf.org/id/draft-ietf-krb-wg-kdc-model-16.txt) - An information model for Kerberos version 5
 * [draft-ietf-krb-wg-pkinit-alg-agility](http://www.ietf.org/id/draft-ietf-krb-wg-pkinit-alg-agility-07.txt) - PKINIT Algorithm Agility
 * [draft-perez-krb-wg-gss-preauth](http://www.ietf.org/id/draft-perez-krb-wg-gss-preauth-02.txt) - GSS-API pre-authentication for Kerberos draft-perez-krb-wg-gss-preauth-02
	Title: 1.2.3 - Standards
	NavPrev: 1.2.2-microsoft-compatibility.html
	NavPrevText: 1.2.2 - Microsoft compatibility
	NavUp: 1.2-resources.html
	NavUpText: 1.2 - Resources
	NavNext: 2-kerberos-config.html
	NavNextText: 2 - Kerberos Configuration
	Notice: Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at
	.
	http://www.apache.org/licenses/LICENSE-2.0
	.
	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.

	# 1.2.3 - Standards

	The Kerberos Protocol is based on public RFCs. There is also a Kerberos woking group at the IETF, you can check [this page](http://datatracker.ietf.org/wg/krb-wg/).

	## Obsoleted RFCs

	* [RFC 1411](http://www.ietf.org/rfc/rfc1411.txt) - Telnet Authentication: Kerberos Version 4
	* [RFC 1510](http://www.ietf.org/rfc/rfc1510.txt) - The Kerberos Network Authentication Service (V5) (Obsoleted by 4120, 6649)

	## Valid RFS and updates

	* [RFC 1964](http://www.ietf.org/rfc/rfc1964.txt) - The Kerberos Version 5 GSS-API Mechanism (updated by 4121, 6649)
	* [RFC 2623](http://www.ietf.org/rfc/rfc2623.txt) - NFS Version 2 and Version 3 Security Issues and the NFS Protocol's Use of RPCSEC_GSS and Kerberos V5
	* [RFC 2712](http://www.ietf.org/rfc/rfc2712.txt) - Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)
	* [RFC 2942](http://www.ietf.org/rfc/rfc2942.txt) - Telnet Authentication: Kerberos Version 5
	* [RFC 3244](http://www.ietf.org/rfc/rfc3244.txt) - Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
	* [RFC 3961](http://www.ietf.org/rfc/rfc3961.txt) - Encryption and Checksum Specifications for Kerberos 5
	* [RFC 3962](http://www.ietf.org/rfc/rfc3962.txt) - Advanced Encryption Standard (AES) Encryption for Kerberos 5
	* [RFC 4120](http://www.ietf.org/rfc/rfc4120.txt) - The Kerberos Network Authentication Service (V5) (Updated by 4537, 5021, 5896, 6111, 6112, 6113, 6649, 6806)
	* [RFC 4121](http://www.ietf.org/rfc/rfc4121.txt) - The Kerberos Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2 (Updated by 6112, 6542, 6649)
	* [RFC 4402](http://www.ietf.org/rfc/rfc4402.txt) - A Pseudo-Random Function (PRF) for the Kerberos V Generic Security Service Application Program Interface (GSS-API) Mechanism
	* [RFC 4537](http://www.ietf.org/rfc/rfc4537.txt) - Kerberos Cryptosystem Negotiation Extension
	* [RFC 4556](http://www.ietf.org/rfc/rfc4556.txt) - Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) (updated by 6612)
	* [RFC 4557](http://www.ietf.org/rfc/rfc4557.txt) - Online Certificate Status Protocol (OCSP) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
	* [RFC 4559](http://www.ietf.org/rfc/rfc4559.txt) - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows
	* [RFC 4752](http://www.ietf.org/rfc/rfc4752.txt) - The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism
	* [RFC 4757](http://www.ietf.org/rfc/rfc4757.txt) - The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows (updated by 6649)
	* [RFC 5021](http://www.ietf.org/rfc/rfc5021.txt) - Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges over TCP
	* [RFC 5179](http://www.ietf.org/rfc/rfc5179.txt) - Generic Security Service Application Program Interface (GSS-API) Domain-Based Service Names Mapping for the Kerberos V GSS Mechanism
	* [RFC 5349](http://www.ietf.org/rfc/rfc5349.txt) - Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
	* [RFC 5868](http://www.ietf.org/rfc/rfc5868.txt) - Problem Statement on the Cross-Realm Operation of Kerberos
	* [RFC 5896](http://www.ietf.org/rfc/rfc5896.txt) - Generic Security Service Application Program Interface (GSS-API): Delegate if Approved by Policy
	* [RFC 6111](http://www.ietf.org/rfc/rfc6111.txt) - Additional Kerberos Naming Constraints
	* [RFC 6112](http://www.ietf.org/rfc/rfc6112.txt) - Anonymity Support for Kerberos
	* [RFC 6113](http://www.ietf.org/rfc/rfc6113.txt) - A Generalized Framework for Kerberos Pre-Authentication
	* [RFC 6251](http://www.ietf.org/rfc/rfc6251.txt) - Using Kerberos Version 5 over the Transport Layer Security (TLS) Protocol
	* [RFC 6448](http://www.ietf.org/rfc/rfc6448.txt) - The Unencrypted Form of Kerberos 5 KRB-CRED Message
	* [RFC 6542](http://www.ietf.org/rfc/rfc6542.txt) - Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Channel Binding Hash Agility
	* [RFC 6560](http://www.ietf.org/rfc/rfc6560.txt) - One-Time Password (OTP) Pre-Authentication
	* [RFC 6649](http://www.ietf.org/rfc/rfc6649.txt) - Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos
	* [RFC 6784](http://www.ietf.org/rfc/rfc6784.txt) - Kerberos Options for DHCPv6
	* [RFC 6803](http://www.ietf.org/rfc/rfc6803.txt) - Camellia Encryption for Kerberos 5
	* [RFC 6806](http://www.ietf.org/rfc/rfc6806.txt) - Kerberos Principal Name Canonicalization and Cross-Realm Referrals

	## Here are some drafts :

	* [draft-burgin-kerberos-aes-cbc-hmac-sha2](http://www.ietf.org/id/draft-burgin-kerberos-aes-cbc-hmac-sha2-02.txt) - AES Encryption with HMAC-SHA2 for Kerberos 5
	* [draft-burgin-kerberos-suiteb](http://www.ietf.org/id/draft-burgin-kerberos-suiteb-01.txt) - Suite B Profile for Kerberos 5
	* [draft-ietf-kitten-kerberos-iana-registries](http://www.ietf.org/id/draft-ietf-kitten-kerberos-iana-registries-00.txt) - Move Kerberos protocol parameter registries to IANA
	* [draft-ietf-krb-wg-cammac](http://www.ietf.org/id/draft-ietf-krb-wg-cammac-03.txt) - Kerberos Authorization Data Container Authenticated by Multiple MACs
	* [draft-ietf-krb-wg-kdc-model](http://www.ietf.org/id/draft-ietf-krb-wg-kdc-model-16.txt) - An information model for Kerberos version 5
	* [draft-ietf-krb-wg-pkinit-alg-agility](http://www.ietf.org/id/draft-ietf-krb-wg-pkinit-alg-agility-07.txt) - PKINIT Algorithm Agility
	* [draft-perez-krb-wg-gss-preauth](http://www.ietf.org/id/draft-perez-krb-wg-gss-preauth-02.txt) - GSS-API pre-authentication for Kerberos draft-perez-krb-wg-gss-preauth-02