1.4 Relationship to Other Protocols

  • Article

Kerberos V5 Authentication Service (AS) and TGS exchanges rely on either the User Datagram Protocol (UDP) or the Transmission Control Protocol (TCP) ([RFC4120] section 7.2.1) as a transport. KILE relies on a working Domain Name System (DNS) infrastructure.

Kerberos V5 Authentication Protocol (AP) exchange messages are only carried in other application protocols and never exist by themselves on the network. Almost any application can (theoretically) use Kerberos V5 authentication; applications that already adopt a GSS-style approach to security are most applicable.

Other non-RFC standard specifications relevant to the implementation of Kerberos are:

  • Active Directory, including: Active Directory Schema Attributes A-L [MS-ADA1], Active Directory Schema Attributes M [MS-ADA2], Active Directory Schema Attributes N-Z [MS-ADA3], Active Directory Schema Classes [MS-ADSC], and Active Directory Technical Specification [MS-ADTS].

  • Group Policy: Security Protocol Extension [MS-GPSB]

  • Local Security Authority (Domain Policy) Remote Protocol Specification [MS-LSAD]

The following are additional Kerberos extensions:

  • Authentication Protocol Domain Support Specification [MS-APDS]

  • Privilege Attribute Certificate Data Structure [MS-PAC]

  • Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol Specification [MS-PKCA]

  • Kerberos Protocol Extensions: Service for User and Constrained Delegation Protocol Specification [MS-SFU]

  • User to User Kerberos Authentication using GSS-API [UUKA-GSSAPI]