1.pl 10.0i 2.po 0 3.ll 7.2i 4.lt 7.2i 5.nr LL 7.2i 6.nr LT 7.2i 7.ds LF Westerlund 8.ds RF [Page %] 9.ds CF 10.ds LH Internet Draft 11.ds RH October, 1997 12.ds CH Kerberos over IPv6 13.hy 0 14.ad l 15.in 0 16.ta \n(.luR 17Network Working Group Assar Westerlund 18<draft-ietf-cat-krb5-ipv6.txt> SICS 19Internet-Draft October, 1997 20Expire in six months 21 22.ce 23Kerberos over IPv6 24 25.ti 0 26Status of this Memo 27 28.in 3 29This document is an Internet-Draft. Internet-Drafts are working 30documents of the Internet Engineering Task Force (IETF), its 31areas, and its working groups. Note that other groups may also 32distribute working documents as Internet-Drafts. 33 34Internet-Drafts are draft documents valid for a maximum of six 35months and may be updated, replaced, or obsoleted by other 36documents at any time. It is inappropriate to use Internet- 37Drafts as reference material or to cite them other than as 38"work in progress." 39 40To view the entire list of current Internet-Drafts, please check 41the "1id-abstracts.txt" listing contained in the Internet-Drafts 42Shadow Directories on ftp.is.co.za (Africa), ftp.nordu.net 43(Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East 44Coast), or ftp.isi.edu (US West Coast). 45 46Distribution of this memo is unlimited. Please send comments to the 47<cat-ietf@mit.edu> mailing list. 48 49.ti 0 50Abstract 51 52.in 3 53This document specifies the address types and transport types 54necessary for using Kerberos [RFC1510] over IPv6 [RFC1883]. 55 56.ti 0 57Specification 58 59.in 3 60IPv6 addresses are 128-bit (16-octet) quantities, encoded in MSB 61order. The type of IPv6 addresses is twenty-four (24). 62 63The following addresses (see [RFC1884]) MUST not appear in any 64Kerberos packet: 65 66the Unspecified Address 67.br 68the Loopback Address 69.br 70Link-Local addresses 71 72IPv4-mapped IPv6 addresses MUST be represented as addresses of type 2. 73 74Communication with the KDC over IPv6 MUST be done as in section 758.2.1 of [RFC1510]. 76 77.ti 0 78Discussion 79 80.in 3 81[RFC1510] suggests using the address family constants in 82<sys/socket.h> from BSD. This cannot be done for IPv6 as these 83numbers have diverged and are different on different BSD-derived 84systems. [RFC2133] does not either specify a value for AF_INET6. 85Thus a value has to be decided and the implementations have to convert 86between the value used in Kerberos HostAddress and the local AF_INET6. 87 88There are a few different address types in IPv6, see [RFC1884]. Some 89of these are used for quite special purposes and it makes no sense to 90include them in Kerberos packets. 91 92It is necessary to represent IPv4-mapped addresses as Internet 93addresses (type 2) to be compatible with Kerberos implementations that 94only support IPv4. 95 96.ti 0 97Security considerations 98 99.in 3 100This memo does not introduce any known security considerations in 101addition to those mentioned in [RFC1510]. 102 103.ti 0 104References 105 106.in 3 107[RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network 108Authentication Service (V5)", RFC 1510, September 1993. 109 110[RFC1883] Deering, S., Hinden, R., "Internet Protocol, Version 6 111(IPv6) Specification", RFC 1883, December 1995. 112 113[RFC1884] Hinden, R., Deering, S., "IP Version 6 Addressing 114Architecture", RFC 1884, December 1995. 115 116[RFC2133] Gilligan, R., Thomson, S., Bound, J., Stevens, W., "Basic 117Socket Interface Extensions for IPv6", RFC2133, April 1997. 118 119.ti 0 120Author's Address 121 122Assar Westerlund 123.br 124Swedish Institute of Computer Science 125.br 126Box 1263 127.br 128S-164 29 KISTA 129.br 130Sweden 131 132Phone: +46-8-7521526 133.br 134Fax: +46-8-7517230 135.br 136EMail: assar@sics.se 137