RFC 9588 · PROPOSED STANDARD · 2024
SUN · 14 JUN 2026
Kerberos Simple Password-Authenticated Key Exchange Pre- authentication
Overview
RFC 9588, “Kerberos Simple Password-Authenticated Key Exchange Pre- authentication”, is a Proposed Standard document published in August 2024 by N. McCallum, S. Sorce, R. Harwood, G. Hudson. The canonical text is published by the RFC Editor.
Abstract
This document defines a new pre-authentication mechanism for the Kerberos protocol. The mechanism uses a password-authenticated key exchange (PAKE) to prevent brute-force password attacks, and it may incorporate a second factor.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
Read this RFC
The canonical text of RFC 9588 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
Other RFCs from 2024
- RFC 9587 YANG Data Model for OSPFv3 Extended Link State Advertisements
- RFC 9589 On the Use of the Cryptographic Message Syntax Signing-Time Attribute in Resource Public Key Infrastructure Signed Objects
- RFC 9586 IMAP Extension for Using and Returning Unique Identifiers Only
- RFC 9590 IMAP Extension for Returning Mailbox METADATA in Extended LIS
- RFC 9585 IMAP Response Code for Command Progress Notifications
- RFC 9591 The Flexible Round-Optimized Schnorr Threshold Protocol for Two-Round Schnorr Signatures
- RFC 9584 RTP Payload Format for Essential Video Coding
- RFC 9592 Retiring the Tao of the IETF