summaryrefslogtreecommitdiff
path: root/third_party/heimdal/doc/standardisation/draft-foo2
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/doc/standardisation/draft-foo2')
-rw-r--r--third_party/heimdal/doc/standardisation/draft-foo2171
1 files changed, 171 insertions, 0 deletions
diff --git a/third_party/heimdal/doc/standardisation/draft-foo2 b/third_party/heimdal/doc/standardisation/draft-foo2
new file mode 100644
index 00000000000..0fa695f640f
--- /dev/null
+++ b/third_party/heimdal/doc/standardisation/draft-foo2
@@ -0,0 +1,171 @@
+
+
+
+
+
+
+Network Working Group Assar Westerlund
+<draft-ietf-cat-krb5-tcp.txt> SICS
+Internet-Draft Johan Danielsson
+November, 1997 PDC, KTH
+Expire in six months
+
+ Kerberos over TCP
+
+Status of this Memo
+
+ This document is an Internet-Draft. Internet-Drafts are working
+ documents of the Internet Engineering Task Force (IETF), its areas,
+ and its working groups. Note that other groups may also distribute
+ working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet- Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ To view the entire list of current Internet-Drafts, please check the
+ "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
+ Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe),
+ munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
+ ftp.isi.edu (US West Coast).
+
+ Distribution of this memo is unlimited. Please send comments to the
+ <cat-ietf@mit.edu> mailing list.
+
+Abstract
+
+ This document specifies how the communication should be done between
+ a client and a KDC using Kerberos [RFC1510] with TCP as the transport
+ protocol.
+
+Specification
+
+ This draft specifies an extension to section 8.2.1 of RFC1510.
+
+ A Kerberos server MAY accept requests on TCP port 88 (decimal).
+
+ The data sent from the client to the KDC should consist of 4 bytes
+ containing the length, in network byte order, of the Kerberos
+ request, followed by the request (AS-REQ or TGS-REQ) itself. The
+ reply from the KDC should consist of the length of the reply packet
+ (4 bytes, network byte order) followed by the packet itself (AS-REP,
+ TGS-REP, or KRB-ERROR).
+
+
+
+
+Westerlund, Danielsson [Page 1]
+
+Internet Draft Kerberos over TCP November, 1997
+
+
+ C->S: Open connection to TCP port 88 at the server
+ C->S: length of request
+ C->S: AS-REQ or TGS-REQ
+ S->C: length of reply
+ S->C: AS-REP, TGS-REP, or KRB-ERROR
+
+Discussion
+
+ Even though the preferred way of sending kerberos packets is over UDP
+ there are several occasions when it's more practical to use TCP.
+
+ Mainly, it's usually much less cumbersome to get TCP through
+ firewalls than UDP.
+
+ In theory, there's no reason for having explicit length fields, that
+ information is already encoded in the ASN1 encoding of the Kerberos
+ packets. But having explicit lengths makes it unnecessary to have to
+ decode the ASN.1 encoding just to know how much data has to be read.
+
+ Another way of signaling the end of the request of the reply would be
+ to do a half-close after the request and a full-close after the
+ reply. This does not work well with all kinds of firewalls.
+
+Security considerations
+
+ This memo does not introduce any known security considerations in
+ addition to those mentioned in [RFC1510].
+
+References
+
+ [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
+ Authentication Service (V5)", RFC 1510, September 1993.
+
+Authors' Addresses
+
+ Assar Westerlund
+ Swedish Institute of Computer Science
+ Box 1263
+ S-164 29 KISTA
+ Sweden
+
+ Phone: +46-8-7521526
+ Fax: +46-8-7517230
+ EMail: assar@sics.se
+
+ Johan Danielsson
+ PDC, KTH
+ S-100 44 STOCKHOLM
+
+
+
+Westerlund, Danielsson [Page 2]
+
+Internet Draft Kerberos over TCP November, 1997
+
+
+ Sweden
+
+ Phone: +46-8-7907885
+ Fax: +46-8-247784
+ EMail: joda@pdc.kth.se
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Westerlund, Danielsson [Page 3]
+
View Lorry Controller Status