8. Interoperability Requirements
Overview
This section specifies requirements for Kerberos implementations to ensure interoperability between different implementations and deployments.
Purpose
Interoperability requirements define:
- Mandatory features that all implementations must support
- Optional features that enhance functionality
- Compatibility considerations
- Recommended practices
8.1. Specification 2
Defines specific interoperability requirements including:
- Encryption types that MUST be supported
- Message formats that MUST be implemented
- Protocol features that MUST be available
- Behavior requirements for compatibility
8.2. Recommended KDC Values
Provides guidance on:
- Default ticket lifetimes
- Renewal periods
- Clock skew tolerances
- Other operational parameters
Key Requirements
Mandatory Encryption Types
- Specific encryption algorithms must be implemented
- Ensures basic interoperability
- See RFC 3961 for encryption requirements
Message Processing
- All implementations must handle basic message types
- Error handling requirements
- Extension handling
Protocol Features
- Core authentication flows
- Ticket management
- Basic cross-realm support
Configuration Recommendations
- Reasonable default values
- Security vs. usability tradeoffs
- Operational best practices
Reference
For complete interoperability requirements, refer to RFC 4120 Section 8.