diff options
author | markm <markm@FreeBSD.org> | 2000-01-09 20:58:00 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2000-01-09 20:58:00 +0000 |
commit | 5f68254a360fdb4f3ebc30f6ad6507556425dd0a (patch) | |
tree | a96b9cd24173c10bba3fd7e2acf5d68e5bb0773e /crypto/heimdal/doc/standardisation/draft-foo2 | |
parent | d88c9767e1793993cc2242ccfb9a8ba002a061c6 (diff) | |
parent | 4ecbd6db44d79348bc815f31096e53104f50838b (diff) | |
download | FreeBSD-src-5f68254a360fdb4f3ebc30f6ad6507556425dd0a.zip FreeBSD-src-5f68254a360fdb4f3ebc30f6ad6507556425dd0a.tar.gz |
This commit was generated by cvs2svn to compensate for changes in r55682,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'crypto/heimdal/doc/standardisation/draft-foo2')
-rw-r--r-- | crypto/heimdal/doc/standardisation/draft-foo2 | 171 |
1 files changed, 171 insertions, 0 deletions
diff --git a/crypto/heimdal/doc/standardisation/draft-foo2 b/crypto/heimdal/doc/standardisation/draft-foo2 new file mode 100644 index 0000000..0fa695f --- /dev/null +++ b/crypto/heimdal/doc/standardisation/draft-foo2 @@ -0,0 +1,171 @@ + + + + + + +Network Working Group Assar Westerlund +<draft-ietf-cat-krb5-tcp.txt> SICS +Internet-Draft Johan Danielsson +November, 1997 PDC, KTH +Expire in six months + + Kerberos over TCP + +Status of this Memo + + This document is an Internet-Draft. Internet-Drafts are working + documents of the Internet Engineering Task Force (IETF), its areas, + and its working groups. Note that other groups may also distribute + working documents as Internet-Drafts. + + Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet- Drafts as reference + material or to cite them other than as "work in progress." + + To view the entire list of current Internet-Drafts, please check the + "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow + Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe), + munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or + ftp.isi.edu (US West Coast). + + Distribution of this memo is unlimited. Please send comments to the + <cat-ietf@mit.edu> mailing list. + +Abstract + + This document specifies how the communication should be done between + a client and a KDC using Kerberos [RFC1510] with TCP as the transport + protocol. + +Specification + + This draft specifies an extension to section 8.2.1 of RFC1510. + + A Kerberos server MAY accept requests on TCP port 88 (decimal). + + The data sent from the client to the KDC should consist of 4 bytes + containing the length, in network byte order, of the Kerberos + request, followed by the request (AS-REQ or TGS-REQ) itself. The + reply from the KDC should consist of the length of the reply packet + (4 bytes, network byte order) followed by the packet itself (AS-REP, + TGS-REP, or KRB-ERROR). + + + + +Westerlund, Danielsson [Page 1] + +Internet Draft Kerberos over TCP November, 1997 + + + C->S: Open connection to TCP port 88 at the server + C->S: length of request + C->S: AS-REQ or TGS-REQ + S->C: length of reply + S->C: AS-REP, TGS-REP, or KRB-ERROR + +Discussion + + Even though the preferred way of sending kerberos packets is over UDP + there are several occasions when it's more practical to use TCP. + + Mainly, it's usually much less cumbersome to get TCP through + firewalls than UDP. + + In theory, there's no reason for having explicit length fields, that + information is already encoded in the ASN1 encoding of the Kerberos + packets. But having explicit lengths makes it unnecessary to have to + decode the ASN.1 encoding just to know how much data has to be read. + + Another way of signaling the end of the request of the reply would be + to do a half-close after the request and a full-close after the + reply. This does not work well with all kinds of firewalls. + +Security considerations + + This memo does not introduce any known security considerations in + addition to those mentioned in [RFC1510]. + +References + + [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network + Authentication Service (V5)", RFC 1510, September 1993. + +Authors' Addresses + + Assar Westerlund + Swedish Institute of Computer Science + Box 1263 + S-164 29 KISTA + Sweden + + Phone: +46-8-7521526 + Fax: +46-8-7517230 + EMail: assar@sics.se + + Johan Danielsson + PDC, KTH + S-100 44 STOCKHOLM + + + +Westerlund, Danielsson [Page 2] + +Internet Draft Kerberos over TCP November, 1997 + + + Sweden + + Phone: +46-8-7907885 + Fax: +46-8-247784 + EMail: joda@pdc.kth.se + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Westerlund, Danielsson [Page 3] + |