4ecbd6db44
Userland to follow.
172 lines
3.9 KiB
Plaintext
172 lines
3.9 KiB
Plaintext
|
||
|
||
|
||
|
||
|
||
|
||
Network Working Group Assar Westerlund
|
||
<draft-ietf-cat-krb5-tcp.txt> SICS
|
||
Internet-Draft Johan Danielsson
|
||
November, 1997 PDC, KTH
|
||
Expire in six months
|
||
|
||
Kerberos over TCP
|
||
|
||
Status of this Memo
|
||
|
||
This document is an Internet-Draft. Internet-Drafts are working
|
||
documents of the Internet Engineering Task Force (IETF), its areas,
|
||
and its working groups. Note that other groups may also distribute
|
||
working documents as Internet-Drafts.
|
||
|
||
Internet-Drafts are draft documents valid for a maximum of six months
|
||
and may be updated, replaced, or obsoleted by other documents at any
|
||
time. It is inappropriate to use Internet- Drafts as reference
|
||
material or to cite them other than as "work in progress."
|
||
|
||
To view the entire list of current Internet-Drafts, please check the
|
||
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
|
||
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe),
|
||
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
|
||
ftp.isi.edu (US West Coast).
|
||
|
||
Distribution of this memo is unlimited. Please send comments to the
|
||
<cat-ietf@mit.edu> mailing list.
|
||
|
||
Abstract
|
||
|
||
This document specifies how the communication should be done between
|
||
a client and a KDC using Kerberos [RFC1510] with TCP as the transport
|
||
protocol.
|
||
|
||
Specification
|
||
|
||
This draft specifies an extension to section 8.2.1 of RFC1510.
|
||
|
||
A Kerberos server MAY accept requests on TCP port 88 (decimal).
|
||
|
||
The data sent from the client to the KDC should consist of 4 bytes
|
||
containing the length, in network byte order, of the Kerberos
|
||
request, followed by the request (AS-REQ or TGS-REQ) itself. The
|
||
reply from the KDC should consist of the length of the reply packet
|
||
(4 bytes, network byte order) followed by the packet itself (AS-REP,
|
||
TGS-REP, or KRB-ERROR).
|
||
|
||
|
||
|
||
|
||
Westerlund, Danielsson [Page 1]
|
||
|
||
Internet Draft Kerberos over TCP November, 1997
|
||
|
||
|
||
C->S: Open connection to TCP port 88 at the server
|
||
C->S: length of request
|
||
C->S: AS-REQ or TGS-REQ
|
||
S->C: length of reply
|
||
S->C: AS-REP, TGS-REP, or KRB-ERROR
|
||
|
||
Discussion
|
||
|
||
Even though the preferred way of sending kerberos packets is over UDP
|
||
there are several occasions when it's more practical to use TCP.
|
||
|
||
Mainly, it's usually much less cumbersome to get TCP through
|
||
firewalls than UDP.
|
||
|
||
In theory, there's no reason for having explicit length fields, that
|
||
information is already encoded in the ASN1 encoding of the Kerberos
|
||
packets. But having explicit lengths makes it unnecessary to have to
|
||
decode the ASN.1 encoding just to know how much data has to be read.
|
||
|
||
Another way of signaling the end of the request of the reply would be
|
||
to do a half-close after the request and a full-close after the
|
||
reply. This does not work well with all kinds of firewalls.
|
||
|
||
Security considerations
|
||
|
||
This memo does not introduce any known security considerations in
|
||
addition to those mentioned in [RFC1510].
|
||
|
||
References
|
||
|
||
[RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
|
||
Authentication Service (V5)", RFC 1510, September 1993.
|
||
|
||
Authors' Addresses
|
||
|
||
Assar Westerlund
|
||
Swedish Institute of Computer Science
|
||
Box 1263
|
||
S-164 29 KISTA
|
||
Sweden
|
||
|
||
Phone: +46-8-7521526
|
||
Fax: +46-8-7517230
|
||
EMail: assar@sics.se
|
||
|
||
Johan Danielsson
|
||
PDC, KTH
|
||
S-100 44 STOCKHOLM
|
||
|
||
|
||
|
||
Westerlund, Danielsson [Page 2]
|
||
|
||
Internet Draft Kerberos over TCP November, 1997
|
||
|
||
|
||
Sweden
|
||
|
||
Phone: +46-8-7907885
|
||
Fax: +46-8-247784
|
||
EMail: joda@pdc.kth.se
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Westerlund, Danielsson [Page 3]
|
||
|