I-D Action:draft-ietf-krb-wg-preauth-framework-13.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Kerberos Working Group of the IETF.


	Title           : A Generalized Framework for Kerberos Pre-Authentication
	Author(s)       : S. Hartman, L. Zhu
	Filename        : draft-ietf-krb-wg-preauth-framework-13.txt
	Pages           : 50
	Date            : 2009-07-30

Kerberos is a protocol for verifying the identity of principals
(e.g., a workstation user or a network server) on an open network.
The Kerberos protocol provides a mechanism called pre-authentication
for proving the identity of a principal and for better protecting the
long-term secrets of the principal.

This document describes a model for Kerberos pre-authentication
mechanisms.  The model describes what state in the Kerberos request a
pre-authentication mechanism is likely to change.  It also describes
how multiple pre-authentication mechanisms used in the same request
will interact.

This document also provides common tools needed by multiple pre-
authentication mechanisms.  One of these tools is a secure channel
between the client and the KDC with a reply key strengthening
mechanism; this secure channel can be used to protect the
authentication exchange thus eliminate offline dictionary attacks.
With these tools, it is relatively straightforward to chain multiple
authentication mechanisms, utilize a different key management system,
or support a new key agreement algorithm.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-preauth-framework-13.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-ietf-krb-wg-preauth-framework-13.txt>
_______________________________________________

I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux