logo_kerberos.gif

Difference between revisions of "Projects/IAKERB"

From K5Wiki
Jump to: navigation, search
(Background)
Line 7: Line 7:
 
Implement [http://tools.ietf.org/html/draft-zhu-ws-kerb-03 IAKERB].
 
Implement [http://tools.ietf.org/html/draft-zhu-ws-kerb-03 IAKERB].
   
At this stage, the plan is to implement AS-REQ IAKERB initiators only, so an initiating client will need to be in the same realm as the service and will not get a TGT. Third-party IAKERB initiators can acquire TGTs, however.
+
The implementation presently only supports AS-REQ IAKERB initiators, so an initiating client will need to be in the same realm as the service and will not get a TGT. (The code for acquiring a TGT is quite complicated.) Third-party IAKERB initiators can acquire TGTs, because the acceptor simply forwards the packets to the KDC.
   
 
==Architecture==
 
==Architecture==

Revision as of 15:10, 15 November 2009

This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.



Background

Implement IAKERB.

The implementation presently only supports AS-REQ IAKERB initiators, so an initiating client will need to be in the same realm as the service and will not get a TGT. (The code for acquiring a TGT is quite complicated.) Third-party IAKERB initiators can acquire TGTs, because the acceptor simply forwards the packets to the KDC.

Architecture

Implementation

libkrb5

GSS

Open issues

Status

Code is in the users/lhoward/iakerb branch.