1.5 Prerequisites/Preconditions

The Kerberos V5 protocol assumes the following:

  • The clocks of the participants (clients, servers, and KDCs) are synchronized within a reasonable window of time. In [RFC4120], the recommended acceptable clock skew is five minutes. Time synchronization between the three parties uses the Network Time Protocol and Authentication Extensions [MS-SNTP], but a conformant implementation can use another protocol if it chooses.

  • The KDC shares a secret key with the client and a separate secret key with the server. The provisioning of these secret keys is done out-of-band and is not part of KILE. Kerberos V5 implementations have a directory or database that contains at least the list of accounts and the associated secret keys.

  • A source of cryptographically useful random numbers is available for generating keys and other cryptographically sensitive information.

General Kerberos V5 protocol assumptions are as specified in [RFC4120] section 1.6.
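
The clock-synchronization assumption above matters because a receiver rejects timestamps that fall outside the skew window. The following added example (not part of this specification or of any implementation it describes) sketches that check, assuming the KerberosTime format, the cusec microsecond field, and the KRB_AP_ERR_SKEW error code from RFC 4120; the function names and sample timestamps are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

KRB_AP_ERR_SKEW = 37                 # RFC 4120 error code: clock skew too great
MAX_SKEW = timedelta(minutes=5)      # recommended acceptable skew cited above

# KerberosTime is a GeneralizedTime in UTC with no fractional seconds.
_KERBEROS_TIME = re.compile(r"\d{14}Z")


def parse_kerberos_time(ctime: str, cusec: int = 0) -> datetime:
    """Combine a KerberosTime string and its microsecond field (hypothetical helper)."""
    if not _KERBEROS_TIME.fullmatch(ctime):
        raise ValueError(f"not a KerberosTime: {ctime!r}")
    if not 0 <= cusec <= 999_999:
        raise ValueError(f"cusec out of range: {cusec}")
    base = datetime.strptime(ctime, "%Y%m%d%H%M%SZ")
    return base.replace(microsecond=cusec, tzinfo=timezone.utc)


def check_skew(ctime: str, cusec: int, local_now: datetime,
               max_skew: timedelta = MAX_SKEW) -> int:
    """Return 0 if the client time is within max_skew of local_now in either
    direction, otherwise KRB_AP_ERR_SKEW (hypothetical helper)."""
    if local_now.tzinfo is None:
        raise ValueError("local_now must be timezone-aware")
    client = parse_kerberos_time(ctime, cusec)
    # A clock that runs fast is as much a problem as one that runs slow.
    return 0 if abs(local_now - client) <= max_skew else KRB_AP_ERR_SKEW


if __name__ == "__main__":
    # Constructed sample timestamps, evaluated against a fixed local clock.
    now = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)
    samples = [
        ("20240115120000Z", 0),        # in sync
        ("20240115115500Z", 0),        # exactly five minutes behind
        ("20240115115459Z", 999_999),  # one microsecond past the window
        ("20240115120501Z", 0),        # client clock running fast
    ]
    for ctime, cusec in samples:
        print(ctime, cusec, check_skew(ctime, cusec, now))
```

A host whose clock drifts beyond the window fails authentication in both directions, so time-service health belongs in the same monitoring as the KDC itself.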