The Kerberos Network Authentication Service (V5)

This document provides an overview and specification of Version 5 of the Kerberos protocol, and updates RFC1510 to clarify aspects of the protocol and its intended use that require more detailed or clearer explanation than was provided in RFC1510. This document is intended to provide a detailed description of the protocol, suitable for implementation, together with descriptions of the appropriate use of protocol messages and fields within those messages. This document contains a subset of the changes considered and discussed in the Kerberos working group and is intended as an interim description of Kerberos. Additional changes to the Kerberos protocol have been proposed and will appear in a subsequent extensions document. This document is not intended to describe Kerberos to the end user, system administrator, or application developer. Higher-level papers describing Version 5 of the Kerberos system [NT94] and documenting Version 4 [SNS88] are available elsewhere.

draft-ietf-krb-wg-kerberos-clarifications-00, expires 22 August 2002
