| blob | 8174d4678f8d4722b9db54f2a727574c5394ec22 |
7 Network Working Group Assar Westerlund
8 <draft-ietf-cat-krb5-ipv6.txt> SICS
9 Internet-Draft October, 1997
10 Expire in six months
12 Kerberos over IPv6
14 Status of this Memo
16 This document is an Internet-Draft. Internet-Drafts are working
17 documents of the Internet Engineering Task Force (IETF), its areas,
18 and its working groups. Note that other groups may also distribute
19 working documents as Internet-Drafts.
21 Internet-Drafts are draft documents valid for a maximum of six months
22 and may be updated, replaced, or obsoleted by other documents at any
23 time. It is inappropriate to use Internet- Drafts as reference
24 material or to cite them other than as "work in progress."
26 To view the entire list of current Internet-Drafts, please check the
27 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
28 Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe),
29 munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
30 ftp.isi.edu (US West Coast).
32 Distribution of this memo is unlimited. Please send comments to the
33 <cat-ietf@mit.edu> mailing list.
35 Abstract
37 This document specifies the address types and transport types
38 necessary for using Kerberos [RFC1510] over IPv6 [RFC1883].
40 Specification
42 IPv6 addresses are 128-bit (16-octet) quantities, encoded in MSB
43 order. The type of IPv6 addresses is twenty-four (24).
45 The following addresses (see [RFC1884]) MUST not appear in any
46 Kerberos packet:
48 the Unspecified Address
49 the Loopback Address
50 Link-Local addresses
52 IPv4-mapped IPv6 addresses MUST be represented as addresses of type
53 2.
58 Westerlund [Page 1]
59 \f
60 Internet Draft Kerberos over IPv6 October, 1997
63 Communication with the KDC over IPv6 MUST be done as in section 8.2.1
64 of [RFC1510].
66 Discussion
68 [RFC1510] suggests using the address family constants in
69 <sys/socket.h> from BSD. This cannot be done for IPv6 as these
70 numbers have diverged and are different on different BSD-derived
71 systems. [RFC2133] does not either specify a value for AF_INET6.
72 Thus a value has to be decided and the implementations have to
73 convert between the value used in Kerberos HostAddress and the local
74 AF_INET6.
76 There are a few different address types in IPv6, see [RFC1884]. Some
77 of these are used for quite special purposes and it makes no sense to
78 include them in Kerberos packets.
80 It is necessary to represent IPv4-mapped addresses as Internet
81 addresses (type 2) to be compatible with Kerberos implementations
82 that only support IPv4.
84 Security considerations
86 This memo does not introduce any known security considerations in
87 addition to those mentioned in [RFC1510].
89 References
91 [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
92 Authentication Service (V5)", RFC 1510, September 1993.
94 [RFC1883] Deering, S., Hinden, R., "Internet Protocol, Version 6
95 (IPv6) Specification", RFC 1883, December 1995.
97 [RFC1884] Hinden, R., Deering, S., "IP Version 6 Addressing
98 Architecture", RFC 1884, December 1995.
100 [RFC2133] Gilligan, R., Thomson, S., Bound, J., Stevens, W., "Basic
101 Socket Interface Extensions for IPv6", RFC2133, April 1997.
103 Author's Address
105 Assar Westerlund
106 Swedish Institute of Computer Science
107 Box 1263
108 S-164 29 KISTA
109 Sweden
114 Westerlund [Page 2]
115 \f
116 Internet Draft Kerberos over IPv6 October, 1997
119 Phone: +46-8-7521526
120 Fax: +46-8-7517230
121 EMail: assar@sics.se
170 Westerlund [Page 3]
171 \f