| blob | 62b109afa52c9fabcbe0aef0fdb639b6baff70bd |
1 .pl 10.0i
2 .po 0
3 .ll 7.2i
4 .lt 7.2i
5 .nr LL 7.2i
6 .nr LT 7.2i
7 .ds LF Westerlund
8 .ds RF [Page %]
9 .ds CF
10 .ds LH Internet Draft
11 .ds RH October, 1997
12 .ds CH Kerberos over IPv6
13 .hy 0
14 .ad l
15 .in 0
16 .ta \n(.luR
17 Network Working Group Assar Westerlund
18 <draft-ietf-cat-krb5-ipv6.txt> SICS
19 Internet-Draft October, 1997
20 Expire in six months
22 .ce
23 Kerberos over IPv6
25 .ti 0
26 Status of this Memo
28 .in 3
29 This document is an Internet-Draft. Internet-Drafts are working
30 documents of the Internet Engineering Task Force (IETF), its
31 areas, and its working groups. Note that other groups may also
32 distribute working documents as Internet-Drafts.
34 Internet-Drafts are draft documents valid for a maximum of six
35 months and may be updated, replaced, or obsoleted by other
36 documents at any time. It is inappropriate to use Internet-
37 Drafts as reference material or to cite them other than as
38 "work in progress."
40 To view the entire list of current Internet-Drafts, please check
41 the "1id-abstracts.txt" listing contained in the Internet-Drafts
42 Shadow Directories on ftp.is.co.za (Africa), ftp.nordu.net
43 (Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East
44 Coast), or ftp.isi.edu (US West Coast).
46 Distribution of this memo is unlimited. Please send comments to the
47 <cat-ietf@mit.edu> mailing list.
49 .ti 0
50 Abstract
52 .in 3
53 This document specifies the address types and transport types
54 necessary for using Kerberos [RFC1510] over IPv6 [RFC1883].
56 .ti 0
57 Specification
59 .in 3
60 IPv6 addresses are 128-bit (16-octet) quantities, encoded in MSB
61 order. The type of IPv6 addresses is twenty-four (24).
63 The following addresses (see [RFC1884]) MUST not appear in any
64 Kerberos packet:
66 the Unspecified Address
67 .br
68 the Loopback Address
69 .br
70 Link-Local addresses
72 IPv4-mapped IPv6 addresses MUST be represented as addresses of type 2.
74 Communication with the KDC over IPv6 MUST be done as in section
75 8.2.1 of [RFC1510].
77 .ti 0
78 Discussion
80 .in 3
81 [RFC1510] suggests using the address family constants in
82 <sys/socket.h> from BSD. This cannot be done for IPv6 as these
83 numbers have diverged and are different on different BSD-derived
84 systems. [RFC2133] does not either specify a value for AF_INET6.
85 Thus a value has to be decided and the implementations have to convert
86 between the value used in Kerberos HostAddress and the local AF_INET6.
88 There are a few different address types in IPv6, see [RFC1884]. Some
89 of these are used for quite special purposes and it makes no sense to
90 include them in Kerberos packets.
92 It is necessary to represent IPv4-mapped addresses as Internet
93 addresses (type 2) to be compatible with Kerberos implementations that
94 only support IPv4.
96 .ti 0
97 Security considerations
99 .in 3
100 This memo does not introduce any known security considerations in
101 addition to those mentioned in [RFC1510].
103 .ti 0
104 References
106 .in 3
107 [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
108 Authentication Service (V5)", RFC 1510, September 1993.
110 [RFC1883] Deering, S., Hinden, R., "Internet Protocol, Version 6
111 (IPv6) Specification", RFC 1883, December 1995.
113 [RFC1884] Hinden, R., Deering, S., "IP Version 6 Addressing
114 Architecture", RFC 1884, December 1995.
116 [RFC2133] Gilligan, R., Thomson, S., Bound, J., Stevens, W., "Basic
117 Socket Interface Extensions for IPv6", RFC2133, April 1997.
119 .ti 0
120 Author's Address
122 Assar Westerlund
123 .br
124 Swedish Institute of Computer Science
125 .br
126 Box 1263
127 .br
128 S-164 29 KISTA
129 .br
130 Sweden
132 Phone: +46-8-7521526
133 .br
134 Fax: +46-8-7517230
135 .br
136 EMail: assar@sics.se