7.1. Host Address Types
Overview
Host addresses in Kerberos tickets can restrict ticket usage to specific network locations. Various address types are defined to support different network protocols.
Defined Address Types
| Type | Value | Description |
|---|---|---|
| IPv4 | 2 | Internet Protocol V4 |
| Directional | 3 | Directional address |
| ChaosNet | 5 | ChaosNet address |
| XNS | 6 | Xerox Network Services |
| ISO | 7 | ISO protocols |
| DECNET Phase IV | 12 | DECnet Phase IV |
| AppleTalk DDP | 16 | AppleTalk DDP |
| NetBios | 20 | NetBios address |
| IPv6 | 24 | Internet Protocol V6 |
Usage
- Address restrictions in tickets
- Client address validation
- Network location-based access control
- Address-based ticket restrictions
Security Considerations
- Addresses can be spoofed in some network environments
- NAT and proxies complicate address-based restrictions
- Modern deployments often use addressless tickets
- Policy decisions should not rely solely on addresses
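
The client address validation listed under Usage, sketched as an added example (not code from the original page or from any Kerberos implementation). It compares a connection's peer address with a ticket's address list using the IPv4 and IPv6 type values from the table. The function names and sample addresses are assumptions. An IPv4-mapped IPv6 peer is compared as type 2, because RFC 4120 requires such addresses to be represented that way.

```python
import ipaddress

# Address type values from the table above; octet lengths for the two IP types.
ADDR_IPV4, ADDR_IPV6 = 2, 24
ADDR_LEN = {ADDR_IPV4: 4, ADDR_IPV6: 16}

# Constructed sample: a ticket address list as (addr-type, address octets) pairs.
SAMPLE_CADDR = [
    (ADDR_IPV4, bytes([192, 0, 2, 10])),
    (ADDR_IPV6, bytes.fromhex("20010db8000000000000000000000005")),
]


def decode_host_address(addr_type, raw):
    """Return an ipaddress object, or None for a non-IP address type."""
    if addr_type not in ADDR_LEN:
        return None  # ChaosNet, XNS, NetBios, ... cannot match an IP peer
    if len(raw) != ADDR_LEN[addr_type]:
        raise ValueError(f"type {addr_type}: expected {ADDR_LEN[addr_type]} octets")
    return ipaddress.ip_address(raw)  # packed bytes, most significant byte first


def normalize_peer(peer):
    """Collapse an IPv4-mapped IPv6 peer (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(peer)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def check_client_address(caddr, peer):
    """Return (allowed, reason) for a peer presenting a ticket with list caddr."""
    if not caddr:
        # Addressless ticket: there is nothing to enforce, so other
        # controls must carry the policy decision.
        return True, "addressless ticket: no address restriction"
    peer_ip = normalize_peer(peer)
    for addr_type, raw in caddr:
        try:
            allowed = decode_host_address(addr_type, raw)
        except ValueError:
            continue  # a malformed entry never matches
        if allowed is not None and allowed == peer_ip:
            return True, f"peer {peer_ip} matches address type {addr_type}"
    return False, f"peer {peer_ip} is not in the ticket's address list"
```

A match here only shows that the peer address equals one listed in the ticket; behind NAT or a proxy the observed peer address may not be the client's own.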
Reference
For the complete list, refer to RFC 4120 Section 7.1.