8 Index

A

Abstract data model

   Application Server (section 3.1.1, section 3.4.1)

   client (section 3.1.1, section 3.2.1)

   KDC (section 3.1.1, section 3.3.1)

   server

Addressing

AES 128 key creation example

AP exchange

Applicability

Application Server

   abstract data model (section 3.1.1, section 3.4.1)

   higher-layer triggered events (section 3.1.4, section 3.4.4)

   implementing public keys

   initialization (section 3.1.3, section 3.4.3)

   local events (section 3.1.7, section 3.4.7)

   message processing (section 3.1.5, section 3.4.5)

   overview (section 3.1.1, section 3.4)

   sequencing rules (section 3.1.5, section 3.4.5)

   timer events (section 3.1.6, section 3.4.6)

   timers (section 3.1.2, section 3.4.2)

AS exchange

Authentication

   datagram style

   pre-authentication

   services

   three-leg DCE style mutual

Authenticator checksum flags

Authorization data

   overview

   processing

C

Calls

   GSS_GetMICEx()

   GSS_UnwrapEx()

   GSS_VerifyMICEx()

   GSS_WrapEx()

Capability negotiation

Case sensitivity

Change tracking

Client

   abstract data model (section 3.1.1, section 3.2.1)

   higher-layer triggered events (section 3.1.4, section 3.2.4)

   implementing public keys

   initialization (section 3.1.3, section 3.2.3)

   local events (section 3.1.7, section 3.2.7)

   message processing (section 3.1.5, section 3.2.5)

   other local events

   overview

   sequencing rules (section 3.1.5, section 3.2.5)

   timer events (section 3.1.6, section 3.2.6)

   timers (section 3.1.2, section 3.2.2)

Compound identity

Cryptography

D

Data model - abstract

   Application Server (section 3.1.1, section 3.4.1)

   client (section 3.1.1, section 3.2.1)

   KDC (section 3.1.1, section 3.3.1)

   server

Datagram-style authentication

DCE style mutual authentication - three-leg

Directory service schema elements

Domain controller - locating

DS_BEHAVIOR_WIN2012 domain controller - locating

E

Elements - directory service schema

Encryption checksum types

Encryption types (section 1.7.2, section 3.1.5.2)

Encryption types - bit flags (section 2.2.7, section 3.1.1.5)

Examples

   AES 128 key creation

   GSS_WrapEx with AES128-CTS-HMAC-SHA1-96

   interactive logon

   network logon

   overview

   RC4 GSS_WrapEx

F

Fields - vendor-extensible

Flags

   authenticator checksum

   request

Flexible Authentication Secure Tunneling (FAST)

   overview

   using when supported by realm

Forwardable TGT request

G

Glossary

GSS_GetMICEx() call

GSS_UnwrapEx() call

GSS_VerifyMICEx() call

GSS_WrapEx with AES128-CTS-HMAC-SHA1-96 example

GSS_WrapEx() call

H

Higher-layer triggered events

   Application Server (section 3.1.4, section 3.4.4)

   client (section 3.1.4, section 3.2.4)

   KDC

      configuration changes

      overview (section 3.1.4, section 3.3.4)

   server

I

Implementer - security considerations

Index of security parameters

Informative references

Initial logon

Initialization

   Application Server (section 3.1.3, section 3.4.3)

   client (section 3.1.3, section 3.2.3)

   KDC (section 3.1.3, section 3.3.3)

   server

Interactive logon example

Internationalization

Introduction

K

KDC

   abstract data model (section 3.1.1, section 3.3.1)

   higher-layer triggered events

      configuration changes

      overview (section 3.1.4, section 3.3.4)

   implementing public keys

   initialization (section 3.1.3, section 3.3.3)

   local events (section 3.1.7, section 3.3.7)

   message processing (section 3.1.5, section 3.3.5)

   overview

   sequencing rules (section 3.1.5, section 3.3.5)

   timer events (section 3.1.6, section 3.3.6)

   timers (section 3.1.2, section 3.3.2)

KERB-AD-RESTRICTION-ENTRY message

KERB-AD-RESTRICTION-ENTRY structure

Kerberos OID

Kerberos V5 synopsis

KERB-ERROR-DATA message

KERB-ERROR-DATA structure

KERB-EXT-ERROR message

KERB-LOCAL message

KERB-PA-PAC-REQUEST message

KERB-PA-PAC-REQUEST structure

Keys

   public

   usage numbers

   version numbers

KILE synopsis

L

Local events

   Application Server (section 3.1.7, section 3.4.7)

   client (section 3.1.7, section 3.2.7)

   KDC (section 3.1.7, section 3.3.7)

Locating DS_BEHAVIOR_WIN2012 domain controller

Logon

   initial

   interactive - example

   network - example

LSAP_TOKEN_INFO_INTEGRITY message

LSAP_TOKEN_INFO_INTEGRITY structure

M

Machine ID

Message processing

   addressing

   Application Server (section 3.1.5, section 3.4.5)

   authorization data

   case sensitivity

   client (section 3.1.5, section 3.2.5)

   encryption checksum types

   encryption types

   internationalization

   KDC (section 3.1.5, section 3.3.5)

   key usage numbers

   key version numbers

   locating DS_BEHAVIOR_WIN2012 domain controller

   naming

   PAC generation

   pre-authentication data

   referrals

   server

   ticket flag

Messages

   KERB-AD-RESTRICTION-ENTRY

   KERB-ERROR-DATA

   KERB-EXT-ERROR

   KERB-LOCAL

   KERB-PA-PAC-REQUEST

   LSAP_TOKEN_INFO_INTEGRITY

   OCTET STRING

   PA-PAC-OPTIONS

   PA-SUPPORTED-ENCTYPES

   Supported Encryption Types Bit Flags

   syntax

   transport

N

Naming

Network logon example

Normative references

O

OCTET STRING

OCTET STRING message

OID - Kerberos

Other local events

   client

   server

Overview (synopsis)

P

PAC generation

PA-PAC-OPTIONS message

PA-PAC-OPTIONS structure

Parameter index - security

Parameters - security index

PA-SUPPORTED-ENCTYPES message

PA-SUPPORTED-ENCTYPES structure

PLSAP_TOKEN_INFO_INTEGRITY

Pre-authentication

Pre-authentication data

Preconditions

Prerequisites

Product behavior

Protocol Details

   overview

Public keys - implementing

   Application Server

   client

   KDC

R

RC4 GSS_WrapEx example

References

   informative

   normative

Referrals

Relationship to other protocols

Replay cache

Request flags

S

Schema elements - directory service

Security

   background

   implementer considerations

   overview

   parameter index

Sequencing rules

   addressing

   Application Server (section 3.1.5, section 3.4.5)

   authorization data

   case sensitivity

   client (section 3.1.5, section 3.2.5)

   encryption checksum types

   encryption types

   internationalization

   KDC (section 3.1.5, section 3.3.5)

   key usage numbers

   key version numbers

   locating DS_BEHAVIOR_WIN2012 domain controller

   naming

   PAC generation

   pre-authentication data

   referrals

   server

   ticket flag

Server

   abstract data model (section 3.1.1, section 3.4.1)

   higher-layer triggered events (section 3.1.4, section 3.4.4)

   implementing public keys

   initialization (section 3.1.3, section 3.4.3)

   local events (section 3.1.7, section 3.4.7)

   message processing (section 3.1.5, section 3.4.5)

   other local events

   overview (section 3.1.1, section 3.4)

   sequencing rules (section 3.1.5, section 3.4.5)

   timer events (section 3.1.6, section 3.4.6)

   timers (section 3.1.2, section 3.4.2)

Standards assignments

Supported encryption types (section 2.2.7, section 3.1.1.5)

Supported Encryption Types Bit Flags message

Syntax - message

T

TGS exchange

Three-leg DCE style mutual authentication

Ticket cache

Ticket flag

Timer events

   Application Server (section 3.1.6, section 3.4.6)

   client (section 3.1.6, section 3.2.6)

   KDC (section 3.1.6, section 3.3.6)

   server

Timers

   Application Server (section 3.1.2, section 3.4.2)

   client (section 3.1.2, section 3.2.2)

   KDC (section 3.1.2, section 3.3.2)

   server

Tracking changes

Transport

Triggered events

   Application Server (section 3.1.4, section 3.4.4)

   client (section 3.1.4, section 3.2.4)

   KDC

      configuration changes

      overview (section 3.1.4, section 3.3.4)

Triggered events - higher-layer

   server

V

Vendor-extensible fields

Versioning
