Kerberos Cipher Suites in Transport Layer Security (TLS)
Cisco Systems
RFC 2712 [KERBTLS] introduced mechanisms for supporting Kerberos [KERB] authentication within the TLS protocol [TLS]. This document extends RFC 2712 to support delegation of Kerberos credentials. In this way, a TLS server may obtain a Kerberos service ticket on behalf of the TLS client. Thus, a single client identity may be used for authentication within a multi-tier architecture. This draft also proposes a mechanism for a TLS server to indicate Kerberos-specific information to the client within the certificate request message in the initial exchange.