I-D Action:draft-ietf-krb-wg-preauth-framework-17.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Kerberos Working Group of the IETF.


	Title           : A Generalized Framework for Kerberos Pre-Authentication
	Author(s)       : S. Hartman, L. Zhu
	Filename        : draft-ietf-krb-wg-preauth-framework-17.txt
	Pages           : 52
	Date            : 2010-06-22

Kerberos is a protocol for verifying the identity of principals
(e.g., a workstation user or a network server) on an open network.
The Kerberos protocol provides a facility called pre-authentication.
Pre-authentication mechanisms can use this facility to extend the
Kerberos protocol and prove the identity of a principal.

This document describes a more formal model for this facility.  The
model describes what state in the Kerberos request a pre-
authentication mechanism is likely to change.  It also describes how
multiple pre-authentication mechanisms used in the same request will
interact.

This document also provides common tools needed by multiple pre-
authentication mechanisms.  One of these tools is a secure channel
between the client and the key distribution center with a reply key
strengthening mechanism; this secure channel can be used to protect
the authentication exchange thus eliminate offline dictionary
attacks.  With these tools, it is relatively straightforward to chain
multiple authentication mechanisms, utilize a different key
management system, or support a new key agreement algorithm.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-preauth-framework-17.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-ietf-krb-wg-preauth-framework-17.txt>
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux