RFC 3182, "Identity Representation for RSVP", October 2001Source of RFC: rap (ops)
See Also: RFC 3182 w/ inline errata
Errata ID: 2958
Publication Format(s) : TEXT
Reported By: Marco Molteni
Date Reported: 2011-09-07
Verifier Name: ron bonica
Date Verified: 2011-09-09
Section 6.3 says:
6.3 Authentication (Router/PDP) [..] 2. Verify user credential [..] - Kerberos: Send the Kerberos ticket to the KDC to obtain the session key. Using the session key authenticate the user.
It should say:
Kerberos: Extract the session key from the ticket. Use the session key to authenticate the user.
The corrected text is only an example. The most important point is that Kerberos doesn't require the server to contact the KDC, all the information is already in the kerberos authenticator and ticket sent by the client.
See this email exchange from 2001 :-) http://psg.com/lists/rap/rap.2001/msg00269.html where the same issue is raised by Hannes Tschofenig and confirmed by one of the RFC authors, R. Hess.