Kerberos Parameters Created 2004-06-29 Last Updated 2012-12-11 This registry is also available in plain text. Registries included below * Kerberos Encryption Type Numbers * Kerberos Checksum Type Numbers * Kerberos TCP Extensions * Pre-authentication and Typed Data * FAST Armor Types * FAST Options * Well-Known Kerberos Principal Names * Well-Known Kerberos Realm Names * Kerberos Message Transport Types Kerberos Encryption Type Numbers Registration Procedure(s) Standards Action or Expert Review Expert(s) Ken Raeburn Reference [RFC3961] Note These are signed values ranging from -2147483648 to 2147483647. Positive values should be assigned only for algorithms specified in accordance with this specification for use with Kerberos or related protocols. Negative values are for private use; local and experimental algorithms should use these values. Zero is reserved and may not be assigned. etype encryption type Reference 0 reserved [RFC6448] 1 des-cbc-crc [RFC3961] 2 des-cbc-md4 [RFC3961] 3 des-cbc-md5 [RFC3961] 4 Reserved [RFC3961] 5 des3-cbc-md5 6 Reserved [RFC3961] 7 des3-cbc-sha1 8 Unassigned 9 dsaWithSHA1-CmsOID [RFC4556] 10 md5WithRSAEncryption-CmsOID [RFC4556] 11 sha1WithRSAEncryption-CmsOID [RFC4556] 12 rc2CBC-EnvOID [RFC4556] 13 rsaEncryption-EnvOID [RFC4556][from PKCS#1 v1.5]] 14 rsaES-OAEP-ENV-OID [RFC4556][from PKCS#1 v2.0]] 15 des-ede3-cbc-Env-OID [RFC4556] 16 des3-cbc-sha1-kd [RFC3961] 17 aes128-cts-hmac-sha1-96 [RFC3962] 18 aes256-cts-hmac-sha1-96 [RFC3962] 19-22 Unassigned 23 rc4-hmac [RFC4757] 24 rc4-hmac-exp [RFC4757] 25 camellia128-cts-cmac [RFC6803] 26 camellia256-cts-cmac [RFC6803] 27-64 Unassigned 65 subkey-keymaterial [(opaque; PacketCable)] 66-2147483647 Unassigned Kerberos Checksum Type Numbers Registration Procedure(s) Standards Action or Expert Review Expert(s) Ken Raeburn Reference [RFC3961] Note These are signed values ranging from -2147483648 to 2147483647. Positive values should be assigned only for algorithms specified in accordance with this specification for use with Kerberos or related protocols. Negative values are for private use; local and experimental algorithms should use these values. Zero is reserved and may not be assigned. sumtype value Checksum type checksum size Reference 0 Reserved [RFC3961] 1 CRC32 4 [RFC3961] 2 rsa-md4 16 [RFC3961] 3 rsa-md4-des 24 [RFC3961] 4 des-mac 16 [RFC3961] 5 des-mac-k 8 [RFC3961] 6 rsa-md4-des-k 16 [RFC3961] 7 rsa-md5 16 [RFC3961] 8 rsa-md5-des 24 [RFC3961] 9 rsa-md5-des3 24 10 sha1 (unkeyed) 20 11 Unassigned 12 hmac-sha1-des3-kd 20 [RFC3961] 13 hmac-sha1-des3 20 14 sha1 (unkeyed) 20 15 hmac-sha1-96-aes128 20 [RFC3962] 16 hmac-sha1-96-aes256 20 [RFC3962] 17 cmac-camellia128 16 [RFC6803] 18 cmac-camellia256 16 [RFC6803] 19-32770 Unassigned 32771 Reserved [RFC1964] 32772-2147483647 Unassigned Kerberos TCP Extensions Reference [RFC5021] Value Description Reference 0 Krb5 over TLS [RFC6251] 1-29 Unassigned 30 Reserved [RFC5021] Pre-authentication and Typed Data Registration Procedure(s) Expert Review Expert(s) Sam Hartman - primary, Larry Zhu - secondary Reference [RFC6113] Note The designated expert may find that IETF Review is required. See [RFC6113] for more information. Type Value Reference 1 PA-TGS-REQ [RFC4120] 2 PA-ENC-TIMESTAMP [RFC4120] 3 PA-PW-SALT [RFC4120] 4 reserved [RFC6113] 5 PA-ENC-UNIX-TIME (deprecated) [RFC4120] 6 PA-SANDIA-SECUREID [RFC4120] 7 PA-SESAME [RFC4120] 8 PA-OSF-DCE [RFC4120] 9 PA-CYBERSAFE-SECUREID [RFC4120] 10 PA-AFS3-SALT [RFC4120][RFC3961] 11 PA-ETYPE-INFO [RFC4120] 12 PA-SAM-CHALLENGE [draft-ietf-cat-kerberos-passwords-04] 13 PA-SAM-RESPONSE [draft-ietf-cat-kerberos-passwords-04] 14 PA-PK-AS-REQ_OLD [draft-ietf-cat-kerberos-pk-init-09] 15 PA-PK-AS-REP_OLD [draft-ietf-cat-kerberos-pk-init-09] 16 PA-PK-AS-REQ [RFC4556] 17 PA-PK-AS-REP [RFC4556] 18 PA-PK-OCSP-RESPONSE [RFC4557] 19 PA-ETYPE-INFO2 [RFC4120] 20 PA-USE-SPECIFIED-KVNO [RFC4120] 20 PA-SVR-REFERRAL-INFO [RFC6806] 21 PA-SAM-REDIRECT [draft-ietf-krb-wg-kerberos-sam-03] 22 PA-GET-FROM-TYPED-DATA [(embedded in typed data)][RFC4120] 22 TD-PADATA [(embeds padata)][RFC4120] 23 PA-SAM-ETYPE-INFO [(sam/otp)][draft-ietf-krb-wg-kerberos-sam-03] 24 PA-ALT-PRINC [draft-ietf-krb-wg-hw-auth-04] 25 PA-SERVER-REFERRAL [draft-ietf-krb-wg-kerberos-referrals-11] 26-29 Unassigned 30 PA-SAM-CHALLENGE2 [draft-ietf-krb-wg-kerberos-sam-03] 31 PA-SAM-RESPONSE2 [draft-ietf-krb-wg-kerberos-sam-03] 32-40 Unassigned 41 PA-EXTRA-TGT [Reserved extra TGT][RFC6113] 42-100 Unassigned 101 TD-PKINIT-CMS-CERTIFICATES [RFC4556] 102 TD-KRB-PRINCIPAL [PrincipalName][RFC6113] 103 TD-KRB-REALM [Realm][RFC6113] 104 TD-TRUSTED-CERTIFIERS [RFC4556] 105 TD-CERTIFICATE-INDEX [RFC4556] 106 TD-APP-DEFINED-ERROR [Application specific][RFC6113] 107 TD-REQ-NONCE [INTEGER][RFC6113] 108 TD-REQ-SEQ [INTEGER][RFC6113] 109 TD_DH_PARAMETERS [RFC4556] 110 Unassigned 111 TD-CMS-DIGEST-ALGORITHMS [draft-ietf-krb-wg-pkinit-alg-agility] 112 TD-CERT-DIGEST-ALGORITHMS [draft-ietf-krb-wg-pkinit-alg-agility] 113-127 Unassigned 128 PA-PAC-REQUEST [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] 129 PA-FOR_USER [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] 130 PA-FOR-X509-USER [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] 131 PA-FOR-CHECK_DUPS [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] 132 PA-AS-CHECKSUM [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] 133 PA-FX-COOKIE [RFC6113] 134 PA-AUTHENTICATION-SET [RFC6113] 135 PA-AUTH-SET-SELECTED [RFC6113] 136 PA-FX-FAST [RFC6113] 137 PA-FX-ERROR [RFC6113] 138 PA-ENCRYPTED-CHALLENGE [RFC6113] 139-140 Unassigned 141 PA-OTP-CHALLENGE [RFC6560] 142 PA-OTP-REQUEST [RFC6560] 143 PA-OTP-CONFIRM (OBSOLETED) [RFC6560] 144 PA-OTP-PIN-CHANGE [RFC6560] 145 PA-EPAK-AS-REQ [(sshock@gmail.com)][RFC6113] 146 PA-EPAK-AS-REP [(sshock@gmail.com)][RFC6113] 147 PA_PKINIT_KX [RFC6112] 148 PA_PKU2U_NAME [draft-zhu-pku2u] 149 PA-REQ-ENC-PA-REP [RFC6806] 150-164 Unassigned 165 PA-SUPPORTED-ETYPES [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] 166 PA-EXTENDED_ERROR [MSKILE][http://msdn2.microsoft.com/en-us/library/cc206927.aspx] FAST Armor Types Registration Procedure(s) Standards Action Reference [RFC6113] Type Name Description Reference 0 Reserved Reserved [RFC6113] 1 FX_FAST_ARMOR_AP_REQUEST Ticket armor using an ap-req. [RFC6113] FAST Options Registration Procedure(s) Standards Action Reference [RFC6113] Type Name Description Reference 0 RESERVED Reserved for future expansion of this field. [RFC6113] 1 hide-client-names Requesting the KDC to hide client names in the KDC response [RFC6113] 16 kdc-follow-referrals reserved [RFC6113] Well-Known Kerberos Principal Names Registration Procedure(s) Specification Required Reference [RFC6111] Well-Known Kerberos Principal Name Reference anonymous [RFC6112] Well-Known Kerberos Realm Names Registration Procedure(s) Specification Required Reference [RFC6111] Well-Known Kerberos Realm Name Reference anonymous [RFC6112] Kerberos Message Transport Types Registration Procedure(s) IETF Review Reference [RFC6784] 0 Reserved [RFC6784] 1 UDP [RFC6784] 2 TCP [RFC6784] 3 TLS [RFC6784] 4-254 Unassigned 255 Reserved [RFC6784]