| Title: 1.2.3 - Standards |
| NavPrev: 1.2.2-microsoft-compatibility.html |
| NavPrevText: 1.2.2 - Microsoft compatibility |
| NavUp: 1.2-resources.html |
| NavUpText: 1.2 - Resources |
| NavNext: 2-kerberos-config.html |
| NavNextText: 2 - Kerberos Configuration |
| Notice: Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| . |
| http://www.apache.org/licenses/LICENSE-2.0 |
| . |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| |
| # 1.2.3 - Standards |
| |
| The **Kerberos** Protocol is based on public RFCs. There is also a Kerberos woking group at the IETF, you can check [this page](http://datatracker.ietf.org/wg/krb-wg/). |
| |
| ## Obsoleted RFCs |
| |
| * [RFC 1411](http://www.ietf.org/rfc/rfc1411.txt) - Telnet Authentication: Kerberos Version 4 |
| * [RFC 1510](http://www.ietf.org/rfc/rfc1510.txt) - The Kerberos Network Authentication Service (V5) (Obsoleted by 4120, 6649) |
| |
| ## Valid RFS and updates |
| |
| * [RFC 1964](http://www.ietf.org/rfc/rfc1964.txt) - The Kerberos Version 5 GSS-API Mechanism (updated by 4121, 6649) |
| * [RFC 2623](http://www.ietf.org/rfc/rfc2623.txt) - NFS Version 2 and Version 3 Security Issues and the NFS Protocol's Use of RPCSEC_GSS and Kerberos V5 |
| * [RFC 2712](http://www.ietf.org/rfc/rfc2712.txt) - Addition of Kerberos Cipher Suites to Transport Layer Security (TLS) |
| * [RFC 2942](http://www.ietf.org/rfc/rfc2942.txt) - Telnet Authentication: Kerberos Version 5 |
| * [RFC 3244](http://www.ietf.org/rfc/rfc3244.txt) - Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols |
| * [RFC 3961](http://www.ietf.org/rfc/rfc3961.txt) - Encryption and Checksum Specifications for Kerberos 5 |
| * [RFC 3962](http://www.ietf.org/rfc/rfc3962.txt) - Advanced Encryption Standard (AES) Encryption for Kerberos 5 |
| * [RFC 4120](http://www.ietf.org/rfc/rfc4120.txt) - The Kerberos Network Authentication Service (V5) (Updated by 4537, 5021, 5896, 6111, 6112, 6113, 6649, 6806) |
| * [RFC 4121](http://www.ietf.org/rfc/rfc4121.txt) - The Kerberos Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2 (Updated by 6112, 6542, 6649) |
| * [RFC 4402](http://www.ietf.org/rfc/rfc4402.txt) - A Pseudo-Random Function (PRF) for the Kerberos V Generic Security Service Application Program Interface (GSS-API) Mechanism |
| * [RFC 4537](http://www.ietf.org/rfc/rfc4537.txt) - Kerberos Cryptosystem Negotiation Extension |
| * [RFC 4556](http://www.ietf.org/rfc/rfc4556.txt) - Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) (updated by 6612) |
| * [RFC 4557](http://www.ietf.org/rfc/rfc4557.txt) - Online Certificate Status Protocol (OCSP) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) |
| * [RFC 4559](http://www.ietf.org/rfc/rfc4559.txt) - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows |
| * [RFC 4752](http://www.ietf.org/rfc/rfc4752.txt) - The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism |
| * [RFC 4757](http://www.ietf.org/rfc/rfc4757.txt) - The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows (updated by 6649) |
| * [RFC 5021](http://www.ietf.org/rfc/rfc5021.txt) - Extended Kerberos Version 5 Key Distribution Center (KDC) Exchanges over TCP |
| * [RFC 5179](http://www.ietf.org/rfc/rfc5179.txt) - Generic Security Service Application Program Interface (GSS-API) Domain-Based Service Names Mapping for the Kerberos V GSS Mechanism |
| * [RFC 5349](http://www.ietf.org/rfc/rfc5349.txt) - Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) |
| * [RFC 5868](http://www.ietf.org/rfc/rfc5868.txt) - Problem Statement on the Cross-Realm Operation of Kerberos |
| * [RFC 5896](http://www.ietf.org/rfc/rfc5896.txt) - Generic Security Service Application Program Interface (GSS-API): Delegate if Approved by Policy |
| * [RFC 6111](http://www.ietf.org/rfc/rfc6111.txt) - Additional Kerberos Naming Constraints |
| * [RFC 6112](http://www.ietf.org/rfc/rfc6112.txt) - Anonymity Support for Kerberos |
| * [RFC 6113](http://www.ietf.org/rfc/rfc6113.txt) - A Generalized Framework for Kerberos Pre-Authentication |
| * [RFC 6251](http://www.ietf.org/rfc/rfc6251.txt) - Using Kerberos Version 5 over the Transport Layer Security (TLS) Protocol |
| * [RFC 6448](http://www.ietf.org/rfc/rfc6448.txt) - The Unencrypted Form of Kerberos 5 KRB-CRED Message |
| * [RFC 6542](http://www.ietf.org/rfc/rfc6542.txt) - Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Channel Binding Hash Agility |
| * [RFC 6560](http://www.ietf.org/rfc/rfc6560.txt) - One-Time Password (OTP) Pre-Authentication |
| * [RFC 6649](http://www.ietf.org/rfc/rfc6649.txt) - Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos |
| * [RFC 6784](http://www.ietf.org/rfc/rfc6784.txt) - Kerberos Options for DHCPv6 |
| * [RFC 6803](http://www.ietf.org/rfc/rfc6803.txt) - Camellia Encryption for Kerberos 5 |
| * [RFC 6806](http://www.ietf.org/rfc/rfc6806.txt) - Kerberos Principal Name Canonicalization and Cross-Realm Referrals |
| |
| ## Here are some drafts : |
| |
| * [draft-burgin-kerberos-aes-cbc-hmac-sha2](http://www.ietf.org/id/draft-burgin-kerberos-aes-cbc-hmac-sha2-02.txt) - AES Encryption with HMAC-SHA2 for Kerberos 5 |
| * [draft-burgin-kerberos-suiteb](http://www.ietf.org/id/draft-burgin-kerberos-suiteb-01.txt) - Suite B Profile for Kerberos 5 |
| * [draft-ietf-kitten-kerberos-iana-registries](http://www.ietf.org/id/draft-ietf-kitten-kerberos-iana-registries-00.txt) - Move Kerberos protocol parameter registries to IANA |
| * [draft-ietf-krb-wg-cammac](http://www.ietf.org/id/draft-ietf-krb-wg-cammac-03.txt) - Kerberos Authorization Data Container Authenticated by Multiple MACs |
| * [draft-ietf-krb-wg-kdc-model](http://www.ietf.org/id/draft-ietf-krb-wg-kdc-model-16.txt) - An information model for Kerberos version 5 |
| * [draft-ietf-krb-wg-pkinit-alg-agility](http://www.ietf.org/id/draft-ietf-krb-wg-pkinit-alg-agility-07.txt) - PKINIT Algorithm Agility |
| * [draft-perez-krb-wg-gss-preauth](http://www.ietf.org/id/draft-perez-krb-wg-gss-preauth-02.txt) - GSS-API pre-authentication for Kerberos draft-perez-krb-wg-gss-preauth-02 |