RFC 7751
Kerberos Authorization Data Container Authenticated by Multiple Message Authentication Codes (MACs), March 2016
- File formats:
- Status:
- PROPOSED STANDARD
- Updates:
- RFC 4120
- Authors:
- S. Sorce
T. Yu - Stream:
- IETF
- Source:
- kitten (sec)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC7751
Discuss this RFC: Send questions or comments to the mailing list kitten@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 7751
Abstract
This document specifies a Kerberos authorization data container that supersedes AD-KDC-ISSUED. It allows for multiple Message Authentication Codes (MACs) or signatures to authenticate the contained authorization data elements. The multiple MACs are needed to mitigate shortcomings in the existing AD-KDC-ISSUED container. This document updates RFC 4120.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.