Kerberos Parameters
- Created
- 2004-06-29
- Last Updated
- 2024-12-06
- Available Formats
-
XML
HTML
Plain text
Registries included below
- Kerberos Encryption Type Numbers
- Kerberos Checksum Type Numbers
- Kerberos TCP Extensions
- Pre-authentication and Typed Data
- FAST Armor Types
- FAST Options
- Well-Known Kerberos Principal Names
- Well-Known Kerberos Realm Names
- Kerberos Message Transport Types
- Kerberos Second Factor Types
- Kerberos SPAKE Groups
Kerberos Encryption Type Numbers
- Registration Procedure(s)
-
Standards Action for standards-track RFCs; non-standards-track RFCs must be reviewed by an expert.
- Expert(s)
-
Ken Raeburn
- Reference
- [RFC3961]
- Note
-
These are signed values ranging from -2147483648 to 2147483647. Positive values should be assigned only for algorithms specified in accordance with this specification for use with Kerberos or related protocols. Negative values are for private use; local and experimental algorithms should use these values. Zero is reserved and may not be assigned.
- Available Formats
-
CSV
etype | encryption type | Reference |
---|---|---|
0 | reserved | [RFC6448] |
1 | des-cbc-crc (deprecated) | [RFC6649] |
2 | des-cbc-md4 (deprecated) | [RFC6649] |
3 | des-cbc-md5 (deprecated) | [RFC6649] |
4 | Reserved | [RFC3961] |
5 | des3-cbc-md5 (deprecated) | [RFC8429] |
6 | Reserved | [RFC3961] |
7 | des3-cbc-sha1 (deprecated) | [RFC8429] |
8 | Unassigned | |
9 | dsaWithSHA1-CmsOID | [RFC4556] |
10 | md5WithRSAEncryption-CmsOID | [RFC4556] |
11 | sha1WithRSAEncryption-CmsOID | [RFC4556] |
12 | rc2CBC-EnvOID | [RFC4556] |
13 | rsaEncryption-EnvOID | [RFC4556][from PKCS#1 v1.5]] |
14 | rsaES-OAEP-ENV-OID | [RFC4556][from PKCS#1 v2.0]] |
15 | des-ede3-cbc-Env-OID | [RFC4556] |
16 | des3-cbc-sha1-kd (deprecated) | [RFC8429] |
17 | aes128-cts-hmac-sha1-96 | [RFC3962] |
18 | aes256-cts-hmac-sha1-96 | [RFC3962] |
19 | aes128-cts-hmac-sha256-128 | [RFC8009] |
20 | aes256-cts-hmac-sha384-192 | [RFC8009] |
21-22 | Unassigned | |
23 | rc4-hmac (deprecated) | [RFC8429] |
24 | rc4-hmac-exp (deprecated) | [RFC6649] |
25 | camellia128-cts-cmac | [RFC6803] |
26 | camellia256-cts-cmac | [RFC6803] |
27-64 | Unassigned | |
65 | subkey-keymaterial | [(opaque; PacketCable)] |
66-2147483647 | Unassigned |
Kerberos Checksum Type Numbers
- Registration Procedure(s)
-
Standards Action for standards-track RFCs; non-standards-track RFCs must be reviewed by an expert.
- Expert(s)
-
Ken Raeburn
- Reference
- [RFC3961]
- Note
-
These are signed values ranging from -2147483648 to 2147483647. Positive values should be assigned only for algorithms specified in accordance with this specification for use with Kerberos or related protocols. Negative values are for private use; local and experimental algorithms should use these values. Zero is reserved and may not be assigned.
- Available Formats
-
CSV
sumtype value | Checksum type | checksum size | Reference |
---|---|---|---|
0 | Reserved | [RFC3961] | |
1 | CRC32 (deprecated) | 4 | [RFC6649] |
2 | rsa-md4 (deprecated) | 16 | [RFC6649] |
3 | rsa-md4-des (deprecated) | 24 | [RFC6649] |
4 | des-mac (deprecated) | 16 | [RFC6649] |
5 | des-mac-k (deprecated) | 8 | [RFC6649] |
6 | rsa-md4-des-k (deprecated) | 16 | [RFC6649] |
7 | rsa-md5 (deprecated) | 16 | [RFC8429] |
8 | rsa-md5-des (deprecated) | 24 | [RFC6649] |
9 | rsa-md5-des3 | 24 | |
10 | sha1 (unkeyed) | 20 | |
11 | Unassigned | ||
12 | hmac-sha1-des3-kd (deprecated) | 20 | [RFC8429] |
13 | hmac-sha1-des3 (deprecated) | 20 | [RFC8429] |
14 | sha1 (unkeyed) | 20 | |
15 | hmac-sha1-96-aes128 | 20 | [RFC3962] |
16 | hmac-sha1-96-aes256 | 20 | [RFC3962] |
17 | cmac-camellia128 | 16 | [RFC6803] |
18 | cmac-camellia256 | 16 | [RFC6803] |
19 | hmac-sha256-128-aes128 | 16 | [RFC8009] |
20 | hmac-sha384-192-aes256 | 24 | [RFC8009] |
21-32770 | Unassigned | ||
32771 | Reserved | [RFC1964] | |
32772-2147483647 | Unassigned |
Kerberos TCP Extensions
- Reference
- [RFC5021]
- Available Formats
-
CSV
Range | Registration Procedures | Note |
---|---|---|
0-29 | Standards Action or IESG Approval | |
30 | Reserved | Standards Action that updates or obsoletes [RFC5021] |
Value | Description | Reference |
---|---|---|
0 | Krb5 over TLS | [RFC6251] |
1-29 | Unassigned | |
30 | Reserved | [RFC5021] |
Pre-authentication and Typed Data
- Registration Procedure(s)
-
Expert Review
- Expert(s)
-
Sam Hartman (primary), Larry Zhu (secondary)
- Reference
- [RFC6113]
- Note
-
The designated expert may find that IETF Review is required. See [RFC6113] for more information.
- Available Formats
-
CSV
Type | Value | Reference |
---|---|---|
1 | PA-TGS-REQ | [RFC4120] |
2 | PA-ENC-TIMESTAMP | [RFC4120] |
3 | PA-PW-SALT | [RFC4120] |
4 | reserved | [RFC6113] |
5 | PA-ENC-UNIX-TIME (deprecated) | [RFC4120] |
6 | PA-SANDIA-SECUREID | [RFC4120] |
7 | PA-SESAME | [RFC4120] |
8 | PA-OSF-DCE | [RFC4120] |
9 | PA-CYBERSAFE-SECUREID | [RFC4120] |
10 | PA-AFS3-SALT | [RFC4120][RFC3961] |
11 | PA-ETYPE-INFO | [RFC4120] |
12 | PA-SAM-CHALLENGE | [draft-ietf-cat-kerberos-passwords-04] |
13 | PA-SAM-RESPONSE | [draft-ietf-cat-kerberos-passwords-04] |
14 | PA-PK-AS-REQ_OLD | [draft-ietf-cat-kerberos-pk-init-09] |
15 | PA-PK-AS-REP_OLD | [draft-ietf-cat-kerberos-pk-init-09] |
16 | PA-PK-AS-REQ | [RFC4556] |
17 | PA-PK-AS-REP | [RFC4556] |
18 | PA-PK-OCSP-RESPONSE | [RFC4557] |
19 | PA-ETYPE-INFO2 | [RFC4120] |
20 | PA-USE-SPECIFIED-KVNO | [RFC4120] |
20 | PA-SVR-REFERRAL-INFO | [RFC6806] |
21 | PA-SAM-REDIRECT | [draft-ietf-krb-wg-kerberos-sam-03] |
22 | PA-GET-FROM-TYPED-DATA | [(embedded in typed data)][RFC4120] |
22 | TD-PADATA | [(embeds padata)][RFC4120] |
23 | PA-SAM-ETYPE-INFO | [(sam/otp)][draft-ietf-krb-wg-kerberos-sam-03] |
24 | PA-ALT-PRINC | [draft-ietf-krb-wg-hw-auth-04] |
25 | PA-SERVER-REFERRAL | [draft-ietf-krb-wg-kerberos-referrals-11] |
26-29 | Unassigned | |
30 | PA-SAM-CHALLENGE2 | [draft-ietf-krb-wg-kerberos-sam-03] |
31 | PA-SAM-RESPONSE2 | [draft-ietf-krb-wg-kerberos-sam-03] |
32-40 | Unassigned | |
41 | PA-EXTRA-TGT | [Reserved extra TGT][RFC6113] |
42-100 | Unassigned | |
101 | TD-PKINIT-CMS-CERTIFICATES | [RFC4556] |
102 | TD-KRB-PRINCIPAL | [PrincipalName][RFC6113] |
103 | TD-KRB-REALM | [Realm][RFC6113] |
104 | TD-TRUSTED-CERTIFIERS | [RFC4556] |
105 | TD-CERTIFICATE-INDEX | [RFC4556] |
106 | TD-APP-DEFINED-ERROR | [Application specific][RFC6113] |
107 | TD-REQ-NONCE | [INTEGER][RFC6113] |
108 | TD-REQ-SEQ | [INTEGER][RFC6113] |
109 | TD_DH_PARAMETERS | [RFC4556] |
110 | Unassigned | |
111 | TD-CMS-DIGEST-ALGORITHMS | [RFC8636] |
112 | TD-CERT-DIGEST-ALGORITHMS | [RFC8636] |
113-127 | Unassigned | |
128 | PA-PAC-REQUEST | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
129 | PA-FOR_USER | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
130 | PA-FOR-X509-USER | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
131 | PA-FOR-CHECK_DUPS | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
132 | PA-AS-CHECKSUM | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
133 | PA-FX-COOKIE | [RFC6113] |
134 | PA-AUTHENTICATION-SET | [RFC6113] |
135 | PA-AUTH-SET-SELECTED | [RFC6113] |
136 | PA-FX-FAST | [RFC6113] |
137 | PA-FX-ERROR | [RFC6113] |
138 | PA-ENCRYPTED-CHALLENGE | [RFC6113] |
139-140 | Unassigned | |
141 | PA-OTP-CHALLENGE | [RFC6560] |
142 | PA-OTP-REQUEST | [RFC6560] |
143 | PA-OTP-CONFIRM (OBSOLETED) | [RFC6560] |
144 | PA-OTP-PIN-CHANGE | [RFC6560] |
145 | PA-EPAK-AS-REQ | [(sshock@gmail.com)][RFC6113] |
146 | PA-EPAK-AS-REP | [(sshock@gmail.com)][RFC6113] |
147 | PA_PKINIT_KX | [RFC8062] |
148 | PA_PKU2U_NAME | [draft-zhu-pku2u-09] |
149 | PA-REQ-ENC-PA-REP | [RFC6806] |
150 | PA_AS_FRESHNESS | [RFC8070] |
151 | PA-SPAKE | [RFC9588] |
152 | PA-REDHAT-IDP-OAUTH2 | [Pavel_Březina] |
153 | PA-REDHAT-PASSKEY | [Pavel_Březina] |
154-164 | Unassigned | |
165 | PA-SUPPORTED-ETYPES | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
166 | PA-EXTENDED_ERROR | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
FAST Armor Types
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC6113]
- Available Formats
-
CSV
Type | Name | Description | Reference |
---|---|---|---|
0 | Reserved | Reserved | [RFC6113] |
1 | FX_FAST_ARMOR_AP_REQUEST | Ticket armor using an ap-req. | [RFC6113] |
FAST Options
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC6113]
- Available Formats
-
CSV
Type | Name | Description | Reference |
---|---|---|---|
0 | RESERVED | Reserved for future expansion of this field. | [RFC6113] |
1 | hide-client-names | Requesting the KDC to hide client names in the KDC response | [RFC6113] |
16 | kdc-follow-referrals | reserved | [RFC6113] |
Well-Known Kerberos Principal Names
- Registration Procedure(s)
-
Specification Required
- Expert(s)
-
Unassigned
- Reference
- [RFC6111]
- Available Formats
-
CSV
Well-Known Kerberos Principal Name | Reference |
---|---|
anonymous | [RFC8062] |
Well-Known Kerberos Realm Names
- Registration Procedure(s)
-
Specification Required
- Expert(s)
-
Unassigned
- Reference
- [RFC6111]
- Available Formats
-
CSV
Well-Known Kerberos Realm Name | Reference |
---|---|
anonymous | [RFC8062] |
Kerberos Message Transport Types
- Registration Procedure(s)
-
IETF Review
- Reference
- [RFC6784]
- Available Formats
-
CSV
Value | Description | Reference |
---|---|---|
0 | Reserved | [RFC6784] |
1 | UDP | [RFC6784] |
2 | TCP | [RFC6784] |
3 | TLS | [RFC6784] |
4-254 | Unassigned | |
255 | Reserved | [RFC6784] |
Kerberos Second Factor Types
- Registration Procedure(s)
-
Specification Required
- Expert(s)
-
Simo Sorce, Greg Hudson
- Reference
- [RFC9588]
- Note
-
Registration requests should be sent to the mailing list described in [RFC9588]. If approved, designated experts should notify IANA within three weeks. For assistance, please contact iana@iana.org.
- Note
-
These are signed integers ranging from -2147483648 to 2147483647, inclusive. Positive values must be assigned only for algorithms specified in accordance with these rules for use with Kerberos and related protocols. Negative values should be used for private and experimental algorithms only. Zero is reserved and must not be assigned. Values should be assigned in increasing order.
- Available Formats
-
CSV
ID Number | Name | Reference |
---|---|---|
0 | Reserved | [RFC9588] |
1 | SF-NONE | [RFC9588] |
Kerberos SPAKE Groups
- Registration Procedure(s)
-
Specification Required
- Expert(s)
-
Simo Sorce, Greg Hudson
- Reference
- [RFC9588]
- Note
-
Registration requests should be sent to the mailing list described in [RFC9588]. If approved, designated experts should notify IANA within three weeks. For assistance, please contact iana@iana.org.
- Note
-
These are signed integers ranging from -2147483648 to 2147483647, inclusive. Positive values must be assigned only for algorithms specified in accordance with these rules for use with Kerberos and related protocols. Negative values should be used for private and experimental algorithms only. Zero is reserved and must not be assigned. Values should be assigned in increasing order.
- Available Formats
-
CSV
ID Number | Name | Serialization | Multiplier Length | Multiplier Conversion | SPAKE M Constant | SPAKE N Constant | Hash Function | Reference |
---|---|---|---|---|---|---|---|---|
0 | Reserved | [RFC9588] | ||||||
1 | edwards25519 | [RFC8032, Section 3.1] | 32 | [RFC8032, Section 3.1] | d048032c6ea0b6d697ddc2e86bda85a33adac920f1bf18e1b0c6d166a5cecdaf | d3bfb518f44f3430f29d0c92af503865a1ed3281dc69b35dd868ba85f886c4ab | SHA-256 [RFC6234] | [RFC7748, Section 4.1][(edwards25519)] |
2 | P-256 | [SECG-SEC1, Section 2.3.3] [(compressed format)] | 32 | [SECG-SEC1, Section 2.3.8] | 02886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa12f | 03d8bbd6c639c62937b04d997f38c3770719c629d7014d49a24b4f98baa1292b49 | SHA-256 [RFC6234] | [SECG-SEC2, Section 2.4.2] |
3 | P-384 | [SECG-SEC1, Section 2.3.3] [(compressed format)] | 48 | [SECG-SEC1, Section 2.3.8] | 030ff0895ae5ebf6187080a82d82b42e2765e3b2f8749c7e05eba366434b363d3dc36f15314739074d2eb8613fceec2853 | 02c72cf2e390853a1c1c4ad816a62fd15824f56078918f43f922ca21518f9c543bb252c5490214cf9aa3f0baab4b665c10 | SHA-384 [RFC6234] | [SECG-SEC2, Section 2.5.1] |
4 | P-521 | [SECG-SEC1, Section 2.3.3] [(compressed format)] | 48 | [SECG-SEC1, Section 2.3.8] | 02003f06f38131b2ba2600791e82488e8d20ab889af753a41806c5db18d37d85608cfae06b82e4a72cd744c719193562a653ea1f119eef9356907edc9b56979962d7aa | 0200c7924b9ec017f3094562894336a53c50167ba8c5963876880542bc669e494b2532d76c5b53dfb349fdf69154b9e0048c58a42e8ed04cef052a3bc349d95575cd25 | SHA-512 [RFC6234] | [SECG-SEC2, Section 2.6.1] |
Contact Information
ID | Name | Contact URI | Last Updated |
---|---|---|---|
[Pavel_Březina] | Pavel Březina | mailto:pbrezina&redhat.com | 2023-03-29 |