Problem Statement on the Cross-Realm Operation of Kerberos
RFC 5868, “Problem Statement on the Cross-Realm Operation of Kerberos”, is an Informational document published in May 2010 by S. Sakane, K. Kamada, S. Zrelli, M. Ishiyama. The canonical text is published by the RFC Editor.
Abstract
This document provides background information regarding large-scale Kerberos deployments in the industrial sector, with the aim of identifying issues in the current Kerberos cross-realm authentication model as defined in RFC 4120.
This document describes some examples of actual large-scale industrial systems, and lists requirements and restrictions regarding authentication operations in such environments. It also identifies a number of requirements derived from the industrial automation field. Although they are found in the field of industrial automation, these requirements are general enough and are applicable to the problem of Kerberos cross-realm operations. This document is not an Internet Standards Track specification; it is published for informational purposes.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 5868 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 5867 Building Automation Routing Requirements in Low-Power and Lossy Networks
- RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function
- RFC 5866 Diameter Quality-of-Service Application
- RFC 5870 A Uniform Resource Identifier for Geographic Locations
- RFC 5865 A Differentiated Services Code Point for Capacity-Admitted Traffic
- RFC 5871 IANA Allocation Guidelines for the IPv6 Routing Header
- RFC 5864 DNS SRV Resource Records for AFS
- RFC 5872 IANA Rules for the Protocol for Carrying Authentication for Network Access