Kerberos Parameters

Created: 2004-06-29
Last Updated: 2017-03-02
Available Formats: XML
HTML
Plain text

Registries included below

Kerberos Encryption Type Numbers
Kerberos Checksum Type Numbers
Kerberos TCP Extensions
Pre-authentication and Typed Data
FAST Armor Types
FAST Options
Well-Known Kerberos Principal Names
Well-Known Kerberos Realm Names
Kerberos Message Transport Types

Kerberos Encryption Type Numbers

Registration Procedure(s)

Standards Action for standards-track RFCs; non-standards-track 
RFCs must be reviewed by an expert.

Expert(s)

Ken Raeburn

Reference

[RFC3961]

Note

These are signed values ranging from -2147483648 to 2147483647.  Positive
values should be assigned only for algorithms specified in accordance
with this specification for use with Kerberos or related protocols.
Negative values are for private use; local and experimental algorithms
should use these values.  Zero is reserved and may not be assigned.

Available Formats

CSV

etype	encryption type	Reference
0	reserved	[RFC6448]
1	des-cbc-crc	[RFC3961]
2	des-cbc-md4	[RFC3961]
3	des-cbc-md5	[RFC3961]
4	Reserved	[RFC3961]
5	des3-cbc-md5
6	Reserved	[RFC3961]
7	des3-cbc-sha1
8	Unassigned
9	dsaWithSHA1-CmsOID	[RFC4556]
10	md5WithRSAEncryption-CmsOID	[RFC4556]
11	sha1WithRSAEncryption-CmsOID	[RFC4556]
12	rc2CBC-EnvOID	[RFC4556]
13	rsaEncryption-EnvOID	[RFC4556][from PKCS#1 v1.5]]
14	rsaES-OAEP-ENV-OID	[RFC4556][from PKCS#1 v2.0]]
15	des-ede3-cbc-Env-OID	[RFC4556]
16	des3-cbc-sha1-kd	[RFC3961]
17	aes128-cts-hmac-sha1-96	[RFC3962]
18	aes256-cts-hmac-sha1-96	[RFC3962]
19	aes128-cts-hmac-sha256-128	[RFC8009]
20	aes256-cts-hmac-sha384-192	[RFC8009]
21-22	Unassigned
23	rc4-hmac	[RFC4757]
24	rc4-hmac-exp	[RFC4757]
25	camellia128-cts-cmac	[RFC6803]
26	camellia256-cts-cmac	[RFC6803]
27-64	Unassigned
65	subkey-keymaterial	[(opaque; PacketCable)]
66-2147483647	Unassigned

Kerberos Checksum Type Numbers

Registration Procedure(s)

Standards Action for standards-track RFCs; non-standards-track 
RFCs must be reviewed by an expert.

Expert(s)

Ken Raeburn

Reference

[RFC3961]

Note

These are signed values ranging from -2147483648 to 2147483647.  Positive
values should be assigned only for algorithms specified in accordance
with this specification for use with Kerberos or related protocols.
Negative values are for private use; local and experimental algorithms
should use these values.  Zero is reserved and may not be assigned.

Available Formats

CSV

sumtype value	Checksum type	checksum size	Reference
0	Reserved		[RFC3961]
1	CRC32	4	[RFC3961]
2	rsa-md4	16	[RFC3961]
3	rsa-md4-des	24	[RFC3961]
4	des-mac	16	[RFC3961]
5	des-mac-k	8	[RFC3961]
6	rsa-md4-des-k	16	[RFC3961]
7	rsa-md5	16	[RFC3961]
8	rsa-md5-des	24	[RFC3961]
9	rsa-md5-des3	24
10	sha1 (unkeyed)	20
11	Unassigned
12	hmac-sha1-des3-kd	20	[RFC3961]
13	hmac-sha1-des3	20
14	sha1 (unkeyed)	20
15	hmac-sha1-96-aes128	20	[RFC3962]
16	hmac-sha1-96-aes256	20	[RFC3962]
17	cmac-camellia128	16	[RFC6803]
18	cmac-camellia256	16	[RFC6803]
19	hmac-sha256-128-aes128	16	[RFC8009]
20	hmac-sha384-192-aes256	24	[RFC8009]
21-32770	Unassigned
32771	Reserved		[RFC1964]
32772-2147483647	Unassigned

Kerberos TCP Extensions

Reference: [RFC5021]
Available Formats: CSV

Range	Registration Procedures	Note
0-29	IESG Approval or Standards Action
30	Reserved	Standards Action to updates or obsoletes [RFC5021]

Value	Description	Reference
0	Krb5 over TLS	[RFC6251]
1-29	Unassigned
30	Reserved	[RFC5021]

Pre-authentication and Typed Data

Registration Procedure(s)

Expert Review

Expert(s)

Sam Hartman - primary, Larry Zhu - secondary

Reference

[RFC6113]

Note

The designated expert may find that IETF Review is required. See 
[RFC6113] for more information.

Available Formats

CSV

Type	Value	Reference
1	PA-TGS-REQ	[RFC4120]
2	PA-ENC-TIMESTAMP	[RFC4120]
3	PA-PW-SALT	[RFC4120]
4	reserved	[RFC6113]
5	PA-ENC-UNIX-TIME (deprecated)	[RFC4120]
6	PA-SANDIA-SECUREID	[RFC4120]
7	PA-SESAME	[RFC4120]
8	PA-OSF-DCE	[RFC4120]
9	PA-CYBERSAFE-SECUREID	[RFC4120]
10	PA-AFS3-SALT	[RFC4120][RFC3961]
11	PA-ETYPE-INFO	[RFC4120]
12	PA-SAM-CHALLENGE	[draft-ietf-cat-kerberos-passwords-04]
13	PA-SAM-RESPONSE	[draft-ietf-cat-kerberos-passwords-04]
14	PA-PK-AS-REQ_OLD	[draft-ietf-cat-kerberos-pk-init-09]
15	PA-PK-AS-REP_OLD	[draft-ietf-cat-kerberos-pk-init-09]
16	PA-PK-AS-REQ	[RFC4556]
17	PA-PK-AS-REP	[RFC4556]
18	PA-PK-OCSP-RESPONSE	[RFC4557]
19	PA-ETYPE-INFO2	[RFC4120]
20	PA-USE-SPECIFIED-KVNO	[RFC4120]
20	PA-SVR-REFERRAL-INFO	[RFC6806]
21	PA-SAM-REDIRECT	[draft-ietf-krb-wg-kerberos-sam-03]
22	PA-GET-FROM-TYPED-DATA	[(embedded in typed data)][RFC4120]
22	TD-PADATA	[(embeds padata)][RFC4120]
23	PA-SAM-ETYPE-INFO	[(sam/otp)][draft-ietf-krb-wg-kerberos-sam-03]
24	PA-ALT-PRINC	[draft-ietf-krb-wg-hw-auth-04]
25	PA-SERVER-REFERRAL	[draft-ietf-krb-wg-kerberos-referrals-11]
26-29	Unassigned
30	PA-SAM-CHALLENGE2	[draft-ietf-krb-wg-kerberos-sam-03]
31	PA-SAM-RESPONSE2	[draft-ietf-krb-wg-kerberos-sam-03]
32-40	Unassigned
41	PA-EXTRA-TGT	[Reserved extra TGT][RFC6113]
42-100	Unassigned
101	TD-PKINIT-CMS-CERTIFICATES	[RFC4556]
102	TD-KRB-PRINCIPAL	[PrincipalName][RFC6113]
103	TD-KRB-REALM	[Realm][RFC6113]
104	TD-TRUSTED-CERTIFIERS	[RFC4556]
105	TD-CERTIFICATE-INDEX	[RFC4556]
106	TD-APP-DEFINED-ERROR	[Application specific][RFC6113]
107	TD-REQ-NONCE	[INTEGER][RFC6113]
108	TD-REQ-SEQ	[INTEGER][RFC6113]
109	TD_DH_PARAMETERS	[RFC4556]
110	Unassigned
111	TD-CMS-DIGEST-ALGORITHMS	[draft-ietf-krb-wg-pkinit-alg-agility]
112	TD-CERT-DIGEST-ALGORITHMS	[draft-ietf-krb-wg-pkinit-alg-agility]
113-127	Unassigned
128	PA-PAC-REQUEST	[MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx]
129	PA-FOR_USER	[MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx]
130	PA-FOR-X509-USER	[MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx]
131	PA-FOR-CHECK_DUPS	[MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx]
132	PA-AS-CHECKSUM	[MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx]
133	PA-FX-COOKIE	[RFC6113]
134	PA-AUTHENTICATION-SET	[RFC6113]
135	PA-AUTH-SET-SELECTED	[RFC6113]
136	PA-FX-FAST	[RFC6113]
137	PA-FX-ERROR	[RFC6113]
138	PA-ENCRYPTED-CHALLENGE	[RFC6113]
139-140	Unassigned
141	PA-OTP-CHALLENGE	[RFC6560]
142	PA-OTP-REQUEST	[RFC6560]
143	PA-OTP-CONFIRM (OBSOLETED)	[RFC6560]
144	PA-OTP-PIN-CHANGE	[RFC6560]
145	PA-EPAK-AS-REQ	[(sshock@gmail.com)][RFC6113]
146	PA-EPAK-AS-REP	[(sshock@gmail.com)][RFC6113]
147	PA_PKINIT_KX	[RFC8062]
148	PA_PKU2U_NAME	[draft-zhu-pku2u]
149	PA-REQ-ENC-PA-REP	[RFC6806]
150	PA_AS_FRESHNESS	[RFC8070]
151-164	Unassigned
165	PA-SUPPORTED-ETYPES	[MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx]
166	PA-EXTENDED_ERROR	[MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx]

FAST Armor Types

Registration Procedure(s)

Standards Action

Reference

[RFC6113]

Available Formats

CSV

Type	Name	Description	Reference
0	Reserved	Reserved	[RFC6113]
1	FX_FAST_ARMOR_AP_REQUEST	Ticket armor using an ap-req.	[RFC6113]

FAST Options

Registration Procedure(s)

Standards Action

Reference

[RFC6113]

Available Formats

CSV

Type	Name	Description	Reference
0	RESERVED	Reserved for future expansion of this field.	[RFC6113]
1	hide-client-names	Requesting the KDC to hide client names in the KDC response	[RFC6113]
16	kdc-follow-referrals	reserved	[RFC6113]

Well-Known Kerberos Principal Names

Registration Procedure(s)

Specification Required

Reference

[RFC6111]

Available Formats

CSV

Well-Known Kerberos Principal Name	Reference
anonymous	[RFC8062]

Well-Known Kerberos Realm Names

Registration Procedure(s)

Specification Required

Reference

[RFC6111]

Available Formats

CSV

Well-Known Kerberos Realm Name	Reference
anonymous	[RFC8062]

Kerberos Message Transport Types

Registration Procedure(s)

IETF Review

Reference

[RFC6784]

Available Formats

CSV

Value	Description	Reference
0	Reserved	[RFC6784]
1	UDP	[RFC6784]
2	TCP	[RFC6784]
3	TLS	[RFC6784]
4-254	Unassigned
255	Reserved	[RFC6784]