Internet Assigned Numbers Authority Kerberos Parameters Created 2004-06-29 Last Updated 2024-02-16 Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registries included below • Kerberos Encryption Type Numbers • Kerberos Checksum Type Numbers • Kerberos TCP Extensions • Pre-authentication and Typed Data • FAST Armor Types • FAST Options • Well-Known Kerberos Principal Names • Well-Known Kerberos Realm Names • Kerberos Message Transport Types • Kerberos Second Factor Types • Kerberos SPAKE Groups Kerberos Encryption Type Numbers Registration Procedure(s) Standards Action for standards-track RFCs; non-standards-track RFCs must be reviewed by an expert. Expert(s) Ken Raeburn Reference [RFC3961] Note These are signed values ranging from -2147483648 to 2147483647. Positive values should be assigned only for algorithms specified in accordance with this specification for use with Kerberos or related protocols. Negative values are for private use; local and experimental algorithms should use these values. Zero is reserved and may not be assigned. Available Formats [IMG] CSV etype encryption type Reference 0 reserved [RFC6448] 1 des-cbc-crc (deprecated) [RFC6649] 2 des-cbc-md4 (deprecated) [RFC6649] 3 des-cbc-md5 (deprecated) [RFC6649] 4 Reserved [RFC3961] 5 des3-cbc-md5 (deprecated) [RFC8429] 6 Reserved [RFC3961] 7 des3-cbc-sha1 (deprecated) [RFC8429] 8 Unassigned 9 dsaWithSHA1-CmsOID [RFC4556] 10 md5WithRSAEncryption-CmsOID [RFC4556] 11 sha1WithRSAEncryption-CmsOID [RFC4556] 12 rc2CBC-EnvOID [RFC4556] 13 rsaEncryption-EnvOID [RFC4556][from PKCS#1 v1.5]] 14 rsaES-OAEP-ENV-OID [RFC4556][from PKCS#1 v2.0]] 15 des-ede3-cbc-Env-OID [RFC4556] 16 des3-cbc-sha1-kd (deprecated) [RFC8429] 17 aes128-cts-hmac-sha1-96 [RFC3962] 18 aes256-cts-hmac-sha1-96 [RFC3962] 19 aes128-cts-hmac-sha256-128 [RFC8009] 20 aes256-cts-hmac-sha384-192 [RFC8009] 21-22 Unassigned 23 rc4-hmac (deprecated) [RFC8429] 24 rc4-hmac-exp (deprecated) [RFC6649] 25 camellia128-cts-cmac [RFC6803] 26 camellia256-cts-cmac [RFC6803] 27-64 Unassigned 65 subkey-keymaterial [(opaque; PacketCable)] 66-2147483647 Unassigned Kerberos Checksum Type Numbers Registration Procedure(s) Standards Action for standards-track RFCs; non-standards-track RFCs must be reviewed by an expert. Expert(s) Ken Raeburn Reference [RFC3961] Note These are signed values ranging from -2147483648 to 2147483647. Positive values should be assigned only for algorithms specified in accordance with this specification for use with Kerberos or related protocols. Negative values are for private use; local and experimental algorithms should use these values. Zero is reserved and may not be assigned. Available Formats [IMG] CSV sumtype value Checksum type checksum size Reference 0 Reserved [RFC3961] 1 CRC32 (deprecated) 4 [RFC6649] 2 rsa-md4 (deprecated) 16 [RFC6649] 3 rsa-md4-des (deprecated) 24 [RFC6649] 4 des-mac (deprecated) 16 [RFC6649] 5 des-mac-k (deprecated) 8 [RFC6649] 6 rsa-md4-des-k (deprecated) 16 [RFC6649] 7 rsa-md5 (deprecated) 16 [RFC8429] 8 rsa-md5-des (deprecated) 24 [RFC6649] 9 rsa-md5-des3 24 10 sha1 (unkeyed) 20 11 Unassigned 12 hmac-sha1-des3-kd (deprecated) 20 [RFC8429] 13 hmac-sha1-des3 (deprecated) 20 [RFC8429] 14 sha1 (unkeyed) 20 15 hmac-sha1-96-aes128 20 [RFC3962] 16 hmac-sha1-96-aes256 20 [RFC3962] 17 cmac-camellia128 16 [RFC6803] 18 cmac-camellia256 16 [RFC6803] 19 hmac-sha256-128-aes128 16 [RFC8009] 20 hmac-sha384-192-aes256 24 [RFC8009] 21-32770 Unassigned 32771 Reserved [RFC1964] 32772-2147483647 Unassigned Kerberos TCP Extensions Reference [RFC5021] Available Formats [IMG] CSV Range Registration Procedures Note 0-29 Standards Action or IESG Approval 30 Reserved Standards Action that updates or obsoletes [RFC5021] Value Description Reference 0 Krb5 over TLS [RFC6251] 1-29 Unassigned 30 Reserved [RFC5021] Pre-authentication and Typed Data Registration Procedure(s) Expert Review Expert(s) Sam Hartman (primary), Larry Zhu (secondary) Reference [RFC6113] Note The designated expert may find that IETF Review is required. See [RFC6113] for more information. Available Formats [IMG] CSV Type Value Reference 1 PA-TGS-REQ [RFC4120] 2 PA-ENC-TIMESTAMP [RFC4120] 3 PA-PW-SALT [RFC4120] 4 reserved [RFC6113] 5 PA-ENC-UNIX-TIME (deprecated) [RFC4120] 6 PA-SANDIA-SECUREID [RFC4120] 7 PA-SESAME [RFC4120] 8 PA-OSF-DCE [RFC4120] 9 PA-CYBERSAFE-SECUREID [RFC4120] 10 PA-AFS3-SALT [RFC4120][RFC3961] 11 PA-ETYPE-INFO [RFC4120] 12 PA-SAM-CHALLENGE [draft-ietf-cat-kerberos-passwords-04] 13 PA-SAM-RESPONSE [draft-ietf-cat-kerberos-passwords-04] 14 PA-PK-AS-REQ_OLD [draft-ietf-cat-kerberos-pk-init-09] 15 PA-PK-AS-REP_OLD [draft-ietf-cat-kerberos-pk-init-09] 16 PA-PK-AS-REQ [RFC4556] 17 PA-PK-AS-REP [RFC4556] 18 PA-PK-OCSP-RESPONSE [RFC4557] 19 PA-ETYPE-INFO2 [RFC4120] 20 PA-USE-SPECIFIED-KVNO [RFC4120] 20 PA-SVR-REFERRAL-INFO [RFC6806] 21 PA-SAM-REDIRECT [draft-ietf-krb-wg-kerberos-sam-03] 22 PA-GET-FROM-TYPED-DATA [(embedded in typed data)][RFC4120] 22 TD-PADATA [(embeds padata)][RFC4120] 23 PA-SAM-ETYPE-INFO [(sam/otp)][draft-ietf-krb-wg-kerberos-sam-03] 24 PA-ALT-PRINC [draft-ietf-krb-wg-hw-auth-04] 25 PA-SERVER-REFERRAL [draft-ietf-krb-wg-kerberos-referrals-11] 26-29 Unassigned 30 PA-SAM-CHALLENGE2 [draft-ietf-krb-wg-kerberos-sam-03] 31 PA-SAM-RESPONSE2 [draft-ietf-krb-wg-kerberos-sam-03] 32-40 Unassigned 41 PA-EXTRA-TGT [Reserved extra TGT][RFC6113] 42-100 Unassigned 101 TD-PKINIT-CMS-CERTIFICATES [RFC4556] 102 TD-KRB-PRINCIPAL [PrincipalName][RFC6113] 103 TD-KRB-REALM [Realm][RFC6113] 104 TD-TRUSTED-CERTIFIERS [RFC4556] 105 TD-CERTIFICATE-INDEX [RFC4556] 106 TD-APP-DEFINED-ERROR [Application specific][RFC6113] 107 TD-REQ-NONCE [INTEGER][RFC6113] 108 TD-REQ-SEQ [INTEGER][RFC6113] 109 TD_DH_PARAMETERS [RFC4556] 110 Unassigned 111 TD-CMS-DIGEST-ALGORITHMS [RFC8636] 112 TD-CERT-DIGEST-ALGORITHMS [RFC8636] 113-127 Unassigned 128 PA-PAC-REQUEST [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] 129 PA-FOR_USER [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] 130 PA-FOR-X509-USER [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] 131 PA-FOR-CHECK_DUPS [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] 132 PA-AS-CHECKSUM [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] 133 PA-FX-COOKIE [RFC6113] 134 PA-AUTHENTICATION-SET [RFC6113] 135 PA-AUTH-SET-SELECTED [RFC6113] 136 PA-FX-FAST [RFC6113] 137 PA-FX-ERROR [RFC6113] 138 PA-ENCRYPTED-CHALLENGE [RFC6113] 139-140 Unassigned 141 PA-OTP-CHALLENGE [RFC6560] 142 PA-OTP-REQUEST [RFC6560] 143 PA-OTP-CONFIRM (OBSOLETED) [RFC6560] 144 PA-OTP-PIN-CHANGE [RFC6560] 145 PA-EPAK-AS-REQ [(sshock@gmail.com)][RFC6113] 146 PA-EPAK-AS-REP [(sshock@gmail.com)][RFC6113] 147 PA_PKINIT_KX [RFC8062] 148 PA_PKU2U_NAME [draft-zhu-pku2u] 149 PA-REQ-ENC-PA-REP [RFC6806] 150 PA_AS_FRESHNESS [RFC8070] 151 PA-SPAKE [RFC-ietf-kitten-krb-spake-preauth-13] 152 PA-REDHAT-IDP-OAUTH2 [Pavel_Březina] 153 PA-REDHAT-PASSKEY [Pavel_Březina] 154-164 Unassigned 165 PA-SUPPORTED-ETYPES [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] 166 PA-EXTENDED_ERROR [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] FAST Armor Types Registration Procedure(s) Standards Action Reference [RFC6113] Available Formats [IMG] CSV Type Name Description Reference 0 Reserved Reserved [RFC6113] 1 FX_FAST_ARMOR_AP_REQUEST Ticket armor using an ap-req. [RFC6113] FAST Options Registration Procedure(s) Standards Action Reference [RFC6113] Available Formats [IMG] CSV Type Name Description Reference 0 RESERVED Reserved for future expansion of this field. [RFC6113] 1 hide-client-names Requesting the KDC to hide client names in the KDC response [RFC6113] 16 kdc-follow-referrals reserved [RFC6113] Well-Known Kerberos Principal Names Registration Procedure(s) Specification Required Expert(s) Unassigned Reference [RFC6111] Available Formats [IMG] CSV Well-Known Kerberos Principal Name Reference anonymous [RFC8062] Well-Known Kerberos Realm Names Registration Procedure(s) Specification Required Expert(s) Unassigned Reference [RFC6111] Available Formats [IMG] CSV Well-Known Kerberos Realm Name Reference anonymous [RFC8062] Kerberos Message Transport Types Registration Procedure(s) IETF Review Reference [RFC6784] Available Formats [IMG] CSV Value Description Reference 0 Reserved [RFC6784] 1 UDP [RFC6784] 2 TCP [RFC6784] 3 TLS [RFC6784] 4-254 Unassigned 255 Reserved [RFC6784] Kerberos Second Factor Types Registration Procedure(s) Specification Required Expert(s) Unassigned Reference [RFC-ietf-kitten-krb-spake-preauth-13] Note Registration requests should be sent to the mailing list described in [RFC-ietf-kitten-krb-spake-preauth-13]. If approved, designated experts should notify IANA within three weeks. For assistance, please contact iana@iana.org. Note These are signed integers ranging from -2147483648 to 2147483647, inclusive. Positive values must be assigned only for algorithms specified in accordance with these rules for use with Kerberos and related protocols. Negative values should be used for private and experimental algorithms only. Zero is reserved and must not be assigned. Values should be assigned in increasing order. Available Formats [IMG] CSV ID Number Name Reference 0 Reserved [RFC-ietf-kitten-krb-spake-preauth-13] 1 SF-NONE [RFC-ietf-kitten-krb-spake-preauth-13] Kerberos SPAKE Groups Registration Procedure(s) Specification Required Expert(s) Unassigned Reference [RFC-ietf-kitten-krb-spake-preauth-13] Note Registration requests should be sent to the mailing list described in [RFC-ietf-kitten-krb-spake-preauth-13]. If approved, designated experts should notify IANA within three weeks. For assistance, please contact iana@iana.org. Note These are signed integers ranging from -2147483648 to 2147483647, inclusive. Positive values must be assigned only for algorithms specified in accordance with these rules for use with Kerberos and related protocols. Negative values should be used for private and experimental algorithms only. Zero is reserved and must not be assigned. Values should be assigned in increasing order. Available Formats [IMG] CSV ID Name Serialization Multiplier Multiplier SPAKE M Constant SPAKE N Constant Hash Reference Number Length Conversion Function 0 Reserved [RFC-ietf-kitten-krb-spake-preauth-13] [RFC8032, [RFC8032, SHA-256 1 edwards25519 Section 3.1] 32 Section d048032c6ea0b6d697ddc2e86bda85a33adac920f1bf18e1b0c6d166a5cecdaf d3bfb518f44f3430f29d0c92af503865a1ed3281dc69b35dd868ba85f886c4ab [RFC6234] [RFC7748, Section 4.1][(edwards25519)] 3.1] [SECG-SEC1, Section [SECG-SEC1, SHA-256 2 P-256 2.3.3] 32 Section 02886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa12f 03d8bbd6c639c62937b04d997f38c3770719c629d7014d49a24b4f98baa1292b49 [RFC6234] [SECG-SEC2, Section 2.4.2] [(compressed 2.3.8] format)] [SECG-SEC1, Section [SECG-SEC1, SHA-384 3 P-384 2.3.3] 48 Section 030ff0895ae5ebf6187080a82d82b42e2765e3b2f8749c7e05eba366434b363d3dc36f15314739074d2eb8613fceec2853 02c72cf2e390853a1c1c4ad816a62fd15824f56078918f43f922ca21518f9c543bb252c5490214cf9aa3f0baab4b665c10 [RFC6234] [SECG-SEC2, Section 2.5.1] [(compressed 2.3.8] format)] [SECG-SEC1, Section [SECG-SEC1, SHA-512 4 P-521 2.3.3] 48 Section 02003f06f38131b2ba2600791e82488e8d20ab889af753a41806c5db18d37d85608cfae06b82e4a72cd744c719193562a653ea1f119eef9356907edc9b56979962d7aa 0200c7924b9ec017f3094562894336a53c50167ba8c5963876880542bc669e494b2532d76c5b53dfb349fdf69154b9e0048c58a42e8ed04cef052a3bc349d95575cd25 [RFC6234] [SECG-SEC2, Section 2.6.1] [(compressed 2.3.8] format)] Contact Information ID Name Contact URI Last Updated [Pavel_Březina] Pavel Březina mailto:pbrezina&redhat.com 2023-03-29 Licensing Terms