Kerberos Parameters
- Created
- 2004-06-29
- Last Updated
- 2021-11-29
- Available Formats
-
XML
HTML
Plain text
Registries included below
- Kerberos Encryption Type Numbers
- Kerberos Checksum Type Numbers
- Kerberos TCP Extensions
- Pre-authentication and Typed Data
- FAST Armor Types
- FAST Options
- Well-Known Kerberos Principal Names
- Well-Known Kerberos Realm Names
- Kerberos Message Transport Types
Kerberos Encryption Type Numbers
- Registration Procedure(s)
-
Standards Action for standards-track RFCs; non-standards-track RFCs must be reviewed by an expert.
- Expert(s)
-
Ken Raeburn
- Reference
- [RFC3961]
- Note
-
These are signed values ranging from -2147483648 to 2147483647. Positive values should be assigned only for algorithms specified in accordance with this specification for use with Kerberos or related protocols. Negative values are for private use; local and experimental algorithms should use these values. Zero is reserved and may not be assigned.
- Available Formats
-
CSV
etype | encryption type | Reference |
---|---|---|
0 | reserved | [RFC6448] |
1 | des-cbc-crc (deprecated) | [RFC6649] |
2 | des-cbc-md4 (deprecated) | [RFC6649] |
3 | des-cbc-md5 (deprecated) | [RFC6649] |
4 | Reserved | [RFC3961] |
5 | des3-cbc-md5 (deprecated) | [RFC8429] |
6 | Reserved | [RFC3961] |
7 | des3-cbc-sha1 (deprecated) | [RFC8429] |
8 | Unassigned | |
9 | dsaWithSHA1-CmsOID | [RFC4556] |
10 | md5WithRSAEncryption-CmsOID | [RFC4556] |
11 | sha1WithRSAEncryption-CmsOID | [RFC4556] |
12 | rc2CBC-EnvOID | [RFC4556] |
13 | rsaEncryption-EnvOID | [RFC4556][from PKCS#1 v1.5]] |
14 | rsaES-OAEP-ENV-OID | [RFC4556][from PKCS#1 v2.0]] |
15 | des-ede3-cbc-Env-OID | [RFC4556] |
16 | des3-cbc-sha1-kd (deprecated) | [RFC8429] |
17 | aes128-cts-hmac-sha1-96 | [RFC3962] |
18 | aes256-cts-hmac-sha1-96 | [RFC3962] |
19 | aes128-cts-hmac-sha256-128 | [RFC8009] |
20 | aes256-cts-hmac-sha384-192 | [RFC8009] |
21-22 | Unassigned | |
23 | rc4-hmac (deprecated) | [RFC8429] |
24 | rc4-hmac-exp (deprecated) | [RFC6649] |
25 | camellia128-cts-cmac | [RFC6803] |
26 | camellia256-cts-cmac | [RFC6803] |
27-64 | Unassigned | |
65 | subkey-keymaterial | [(opaque; PacketCable)] |
66-2147483647 | Unassigned |
Kerberos Checksum Type Numbers
- Registration Procedure(s)
-
Standards Action for standards-track RFCs; non-standards-track RFCs must be reviewed by an expert.
- Expert(s)
-
Ken Raeburn
- Reference
- [RFC3961]
- Note
-
These are signed values ranging from -2147483648 to 2147483647. Positive values should be assigned only for algorithms specified in accordance with this specification for use with Kerberos or related protocols. Negative values are for private use; local and experimental algorithms should use these values. Zero is reserved and may not be assigned.
- Available Formats
-
CSV
sumtype value | Checksum type | checksum size | Reference |
---|---|---|---|
0 | Reserved | [RFC3961] | |
1 | CRC32 (deprecated) | 4 | [RFC6649] |
2 | rsa-md4 (deprecated) | 16 | [RFC6649] |
3 | rsa-md4-des (deprecated) | 24 | [RFC6649] |
4 | des-mac (deprecated) | 16 | [RFC6649] |
5 | des-mac-k (deprecated) | 8 | [RFC6649] |
6 | rsa-md4-des-k (deprecated) | 16 | [RFC6649] |
7 | rsa-md5 (deprecated) | 16 | [RFC8429] |
8 | rsa-md5-des (deprecated) | 24 | [RFC6649] |
9 | rsa-md5-des3 | 24 | |
10 | sha1 (unkeyed) | 20 | |
11 | Unassigned | ||
12 | hmac-sha1-des3-kd (deprecated) | 20 | [RFC8429] |
13 | hmac-sha1-des3 (deprecated) | 20 | [RFC8429] |
14 | sha1 (unkeyed) | 20 | |
15 | hmac-sha1-96-aes128 | 20 | [RFC3962] |
16 | hmac-sha1-96-aes256 | 20 | [RFC3962] |
17 | cmac-camellia128 | 16 | [RFC6803] |
18 | cmac-camellia256 | 16 | [RFC6803] |
19 | hmac-sha256-128-aes128 | 16 | [RFC8009] |
20 | hmac-sha384-192-aes256 | 24 | [RFC8009] |
21-32770 | Unassigned | ||
32771 | Reserved | [RFC1964] | |
32772-2147483647 | Unassigned |
Kerberos TCP Extensions
- Reference
- [RFC5021]
- Available Formats
-
CSV
Range | Registration Procedures | Note |
---|---|---|
0-29 | Standards Action or IESG Approval | |
30 | Reserved | Standards Action that updates or obsoletes [RFC5021] |
Value | Description | Reference |
---|---|---|
0 | Krb5 over TLS | [RFC6251] |
1-29 | Unassigned | |
30 | Reserved | [RFC5021] |
Pre-authentication and Typed Data
- Registration Procedure(s)
-
Expert Review
- Expert(s)
-
Sam Hartman (primary), Larry Zhu (secondary)
- Reference
- [RFC6113]
- Note
-
The designated expert may find that IETF Review is required. See [RFC6113] for more information.
- Available Formats
-
CSV
Type | Value | Reference |
---|---|---|
1 | PA-TGS-REQ | [RFC4120] |
2 | PA-ENC-TIMESTAMP | [RFC4120] |
3 | PA-PW-SALT | [RFC4120] |
4 | reserved | [RFC6113] |
5 | PA-ENC-UNIX-TIME (deprecated) | [RFC4120] |
6 | PA-SANDIA-SECUREID | [RFC4120] |
7 | PA-SESAME | [RFC4120] |
8 | PA-OSF-DCE | [RFC4120] |
9 | PA-CYBERSAFE-SECUREID | [RFC4120] |
10 | PA-AFS3-SALT | [RFC4120][RFC3961] |
11 | PA-ETYPE-INFO | [RFC4120] |
12 | PA-SAM-CHALLENGE | [draft-ietf-cat-kerberos-passwords-04] |
13 | PA-SAM-RESPONSE | [draft-ietf-cat-kerberos-passwords-04] |
14 | PA-PK-AS-REQ_OLD | [draft-ietf-cat-kerberos-pk-init-09] |
15 | PA-PK-AS-REP_OLD | [draft-ietf-cat-kerberos-pk-init-09] |
16 | PA-PK-AS-REQ | [RFC4556] |
17 | PA-PK-AS-REP | [RFC4556] |
18 | PA-PK-OCSP-RESPONSE | [RFC4557] |
19 | PA-ETYPE-INFO2 | [RFC4120] |
20 | PA-USE-SPECIFIED-KVNO | [RFC4120] |
20 | PA-SVR-REFERRAL-INFO | [RFC6806] |
21 | PA-SAM-REDIRECT | [draft-ietf-krb-wg-kerberos-sam-03] |
22 | PA-GET-FROM-TYPED-DATA | [(embedded in typed data)][RFC4120] |
22 | TD-PADATA | [(embeds padata)][RFC4120] |
23 | PA-SAM-ETYPE-INFO | [(sam/otp)][draft-ietf-krb-wg-kerberos-sam-03] |
24 | PA-ALT-PRINC | [draft-ietf-krb-wg-hw-auth-04] |
25 | PA-SERVER-REFERRAL | [draft-ietf-krb-wg-kerberos-referrals-11] |
26-29 | Unassigned | |
30 | PA-SAM-CHALLENGE2 | [draft-ietf-krb-wg-kerberos-sam-03] |
31 | PA-SAM-RESPONSE2 | [draft-ietf-krb-wg-kerberos-sam-03] |
32-40 | Unassigned | |
41 | PA-EXTRA-TGT | [Reserved extra TGT][RFC6113] |
42-100 | Unassigned | |
101 | TD-PKINIT-CMS-CERTIFICATES | [RFC4556] |
102 | TD-KRB-PRINCIPAL | [PrincipalName][RFC6113] |
103 | TD-KRB-REALM | [Realm][RFC6113] |
104 | TD-TRUSTED-CERTIFIERS | [RFC4556] |
105 | TD-CERTIFICATE-INDEX | [RFC4556] |
106 | TD-APP-DEFINED-ERROR | [Application specific][RFC6113] |
107 | TD-REQ-NONCE | [INTEGER][RFC6113] |
108 | TD-REQ-SEQ | [INTEGER][RFC6113] |
109 | TD_DH_PARAMETERS | [RFC4556] |
110 | Unassigned | |
111 | TD-CMS-DIGEST-ALGORITHMS | [RFC8636] |
112 | TD-CERT-DIGEST-ALGORITHMS | [RFC8636] |
113-127 | Unassigned | |
128 | PA-PAC-REQUEST | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
129 | PA-FOR_USER | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
130 | PA-FOR-X509-USER | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
131 | PA-FOR-CHECK_DUPS | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
132 | PA-AS-CHECKSUM | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
133 | PA-FX-COOKIE | [RFC6113] |
134 | PA-AUTHENTICATION-SET | [RFC6113] |
135 | PA-AUTH-SET-SELECTED | [RFC6113] |
136 | PA-FX-FAST | [RFC6113] |
137 | PA-FX-ERROR | [RFC6113] |
138 | PA-ENCRYPTED-CHALLENGE | [RFC6113] |
139-140 | Unassigned | |
141 | PA-OTP-CHALLENGE | [RFC6560] |
142 | PA-OTP-REQUEST | [RFC6560] |
143 | PA-OTP-CONFIRM (OBSOLETED) | [RFC6560] |
144 | PA-OTP-PIN-CHANGE | [RFC6560] |
145 | PA-EPAK-AS-REQ | [(sshock@gmail.com)][RFC6113] |
146 | PA-EPAK-AS-REP | [(sshock@gmail.com)][RFC6113] |
147 | PA_PKINIT_KX | [RFC8062] |
148 | PA_PKU2U_NAME | [draft-zhu-pku2u] |
149 | PA-REQ-ENC-PA-REP | [RFC6806] |
150 | PA_AS_FRESHNESS | [RFC8070] |
151 | PA-SPAKE | [draft-ietf-kitten-krb-spake-preauth] |
152 | PA-REDHAT-IDP-OAUTH2 | [Pavel_Březina] |
153-164 | Unassigned | |
165 | PA-SUPPORTED-ETYPES | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
166 | PA-EXTENDED_ERROR | [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] |
FAST Armor Types
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC6113]
- Available Formats
-
CSV
Type | Name | Description | Reference |
---|---|---|---|
0 | Reserved | Reserved | [RFC6113] |
1 | FX_FAST_ARMOR_AP_REQUEST | Ticket armor using an ap-req. | [RFC6113] |
FAST Options
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC6113]
- Available Formats
-
CSV
Type | Name | Description | Reference |
---|---|---|---|
0 | RESERVED | Reserved for future expansion of this field. | [RFC6113] |
1 | hide-client-names | Requesting the KDC to hide client names in the KDC response | [RFC6113] |
16 | kdc-follow-referrals | reserved | [RFC6113] |
Well-Known Kerberos Principal Names
- Registration Procedure(s)
-
Specification Required
- Expert(s)
-
Unassigned
- Reference
- [RFC6111]
- Available Formats
-
CSV
Well-Known Kerberos Principal Name | Reference |
---|---|
anonymous | [RFC8062] |
Well-Known Kerberos Realm Names
- Registration Procedure(s)
-
Specification Required
- Expert(s)
-
Unassigned
- Reference
- [RFC6111]
- Available Formats
-
CSV
Well-Known Kerberos Realm Name | Reference |
---|---|
anonymous | [RFC8062] |
Kerberos Message Transport Types
- Registration Procedure(s)
-
IETF Review
- Reference
- [RFC6784]
- Available Formats
-
CSV
Value | Description | Reference |
---|---|---|
0 | Reserved | [RFC6784] |
1 | UDP | [RFC6784] |
2 | TCP | [RFC6784] |
3 | TLS | [RFC6784] |
4-254 | Unassigned | |
255 | Reserved | [RFC6784] |
Contact Information
ID | Name | Contact URI | Last Updated |
---|---|---|---|
[Pavel_Březina] | Pavel Březina | mailto:pbrezina&redhat.com | 2021-11-29 |