2.1.3 Relevant Standards

The Authentication Services protocols use and extend the following standards:

  • The Kerberos Network Authentication Service (V5) [RFC4120] provides an overview and specification of Version 5 of the Kerberos protocol.

  • Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols [RFC3244]: This document specifies the Kerberos-authenticated change-password protocol (the kpasswd service on port 464) and extends it with a set-password operation, so that a principal can change its own password and an authorized administrator can set another principal's password.

  • A Generalized Framework for Kerberos Pre-Authentication [RFC6113]: This document specifies a framework for Kerberos pre-authentication mechanisms and defines the common set of functions that pre-authentication mechanisms perform and how these functions affect the state of the request and reply.

  • HTTP Authentication: Basic and Digest Access Authentication [RFC2617] and Using Digest Authentication as a SASL Mechanism [RFC2831]: [RFC2617] specifies the HTTP authentication framework, the original Basic authentication scheme, and a scheme based on cryptographic hashes, referred to as Digest Access Authentication. [RFC2831] adapts the Digest scheme for use as a SASL mechanism outside HTTP. Note that [RFC2617] has since been superseded by [RFC7235] (framework), [RFC7617] (Basic), and [RFC7616] (Digest); Basic sends the password in the clear and Digest in its original form depends on MD5, so neither should be used without TLS.

  • Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) [RFC4556]. This document describes protocol extensions to the Kerberos protocol. These extensions provide a method for integrating public key cryptography into the initial authentication exchange, by using asymmetric key signatures and/or encryption algorithms in pre-authentication data fields.

  • The Simple and Protected Generic Security Service Application Programming Interface (GSS-API) Negotiation Mechanism (SPNEGO) [RFC4178] specifies a pseudo security mechanism that enables GSS-API peers to determine in-band whether they support a common set of one or more GSS-API security mechanisms. The negotiation is protected against downgrade by a MIC computed over the initiator's mechanism list once a real mechanism has been established.

  • The Generic Security Service Application Program Interface (GSS-API), Version 2 [RFC2743] provides security services to callers in a generic fashion supportable with a range of underlying mechanisms and technologies that allow source-level portability of applications to different environments.

  • The Transport Layer Security (TLS) Protocol Version 1.2 [RFC5246] provides communications security over the Internet. This protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. TLS Version 1.3 [RFC8446], which obsoletes [RFC5246], removes legacy algorithms (including static RSA key exchange, non-AEAD ciphers, and renegotiation), encrypts all handshake messages after the ServerHello, and adds elliptic curve algorithms to the base specification, among other changes. See [RFC8446] for the details.