Network Working Group                                          L J Blunk
                                                          J R Vollbrecht
Internet Draft                                                     Merit
expires in six months                                          July 1994


         PPP Kerberos version 4 Authentication Protocol (KAPv4)
                  <draft-ietf-pppext-kapv4-auth-00.txt>



Status of this Memo

   This document is the product of the Point-to-Point Protocol
   Extensions Working Group of the Internet Engineering Task Force
   (IETF).  Comments should be submitted to the ietf-ppp@merit.edu
   mailing list.

   Distribution of this memo is unlimited.

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is not appropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet- Drafts
   Shadow Directories on ds.internic.net (US East Coast), nic.nordu.net
   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
   Rim).

Abstract

   The Point-to-Point Protocol (PPP) [1] provides a standard method for
   transporting multi-protocol datagrams over point-to-point links.

   PPP also defines an extensible Link Control Protocol, which allows
   negotiation of an Authentication Protocol for authenticating its peer
   before allowing Network Layer protocols to transmit over the link.

   This document defines the PPP Kerberos version 4 Authentication
   Protocol.




Blunk & Vollbrecht       expires in six months                  [Page i]
DRAFT                          PPP KAPv4                       July 1994


1.  Introduction

   In order to establish communications over a point-to-point link, each
   end of the PPP link must first send LCP packets to configure the data
   link during Link Establishment phase.  After the link has been
   established, PPP provides for an optional Authentication phase before
   proceeding to the Network-Layer Protocol phase.

   By default, authentication is not mandatory.  If authentication of
   the link is desired, an implementation MUST specify the
   Authentication-Protocol Configuration Option during Link
   Establishment phase.

   These authentication protocols are intended for use primarily by
   hosts and routers that connect to a PPP network server via switched
   circuits or dial-up lines, but might be applied to dedicated links as
   well.  The server can use the identification of the connecting host
   or router in the selection of options for network layer negotiations.

   This document defines the PPP KAPv4 authentication protocol.  The
   Link Establishment and Authentication phases, and the
   Authentication-Protocol Configuration Option, are defined in The
   Point-to-Point Protocol (PPP) [1].


1.1.  Specification of Requirements

   In this document, several words are used to signify the requirements
   of the specification.  These words are often capitalized.

   MUST      This word, or the adjective "required", means that the
             definition is an absolute requirement of the specification.

   MUST NOT  This phrase means that the definition is an absolute
             prohibition of the specification.

   SHOULD    This word, or the adjective "recommended", means that there
             may exist valid reasons in particular circumstances to
             ignore this item, but the full implications must be
             understood and carefully weighed before choosing a
             different course.

   MAY       This word, or the adjective "optional", means that this
             item is one of an allowed set of alternatives.  An
             implementation which does not include this option MUST be
             prepared to interoperate with another implementation which
             does include the option.




Blunk & Vollbrecht       expires in six months                  [Page 1]
DRAFT                          PPP KAPv4                       July 1994


1.2.  Terminology

   This document frequently uses the following terms:

   authenticator
             The end of the link requiring the authentication.  The
             authenticator specifies the authentication protocol to be
             used in the Configure-Request during Link Establishment
             phase.

   peer      The other end of the point-to-point link; the end which is
             being authenticated by the authenticator.

   silently discard
             This means the implementation discards the packet without
             further processing.  The implementation SHOULD provide the
             capability of logging the error, including the contents of
             the silently discarded packet, and SHOULD record the event
             in a statistics counter.
































Blunk & Vollbrecht       expires in six months                  [Page 2]
DRAFT                          PPP KAPv4                       July 1994


2.  PPP Kerberos version 4 Authentication Protocol

   The PPP Kerberos version 4 Authentication Protocol (KAPv4) is used to
   verify the identity of a peer using the Kerberos version 4
   Authentication System.  Normally, Kerberos version 4 authentication
   requires that the peer possess an IP address.  However, with PPP, the
   peer may not know the IP address prior to authentication. Given this
   constraint, the KAPv4 protocol is designed to operate over the PPP
   link prior to the IP Network Protocol having been negotiated.  It is
   assumed that the authenticator has network connectivity to the
   Kerberos server(s) to be used for authentication.

   1.    After the Link Establishment phase is complete, the
         authenticator sends a request for the identity of the the peer.

   2.    The peer replies with its Kerberos principal identity.  The
         peer may also optionally specify a service name and instance.
         It is recommended that ppp-kapv4 be used as the primary name
         for the service.  An instance should generally not be required
         but MUST be configurable.  If the peer does not present a
         service name, this indicates that it will not check the
         identity of service to which it is authenticating.

   3.    The authenticator then uses the Kerberos Authentication Service
         Protocol to request the Kerberos credentials to be used by the
         peer.  These credentials are then forwarded to the peer along
         with a randon challenge.  The challenge is used to prevent
         replay attacks.

   4.    The peer decrypts these credentials to obtain a ticket for the
         authenticator and a session key.  The session key is used to
         encrypt the challenge.  The peer then sends the ticket together
         with the response to the challenge back to the authenticator.
         It may optionally include a mutual challenge to verify the
         identity of the authenticator.

   5.    The authenticator then decrypts the ticket and checks the
         response to its challenge.  If these are valid, the
         authentication is acknowledged with a success message;
         otherwise the authenticator replies with a failure response.
         The authenticator also replies with a response to the peer's
         challenge.









Blunk & Vollbrecht       expires in six months                  [Page 3]
DRAFT                          PPP KAPv4                       July 1994


Advantages

   KAPv4 provides an authentication mechanism which does not require
   passing a user's password in the clear.  It also allows PPP
   authentication to leverage off of existing Kerberos authentication
   servers.

   The authenticator is not the repository for any peer secrets.  This
   is a significant advantage when there are many peers.

   This authentication can be mutual.  The ability of the peer to
   successfully decrypt the Kerberos credentials and generate a response
   to the challenge is the assurance to the authenticator that the peer
   is authentic.  The ability of the authenticator to encrypt a response
   to a challenge using the session key is the assurance to the peer
   that the authenticator is also authentic.

Disadvantages

   KAPv4 depends upon encryption technology which may be subject to
   export controls.






























Blunk & Vollbrecht       expires in six months                  [Page 4]
DRAFT                          PPP KAPv4                       July 1994


2.1.  Configuration Option Format

   A summary of the Authentication-Protocol Configuration Option format
   to negotiate the KAPv4 Authentication Protocol is shown below.  The
   fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     Authentication-Protocol   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type

      3

   Length

      4

   Authentication-Protocol

      ???? for PPP Kerberos version 4 Authentication Protocol (KAPv4)



























Blunk & Vollbrecht       expires in six months                  [Page 5]
DRAFT                          PPP KAPv4                       July 1994


2.2.  Packet Format

   Exactly one PPP Kerberos version 4 Authentication Protocol packet is
   encapsulated in the Information field of a PPP Data Link Layer frame
   where the protocol field indicates type hex ???? (PPP Kerberos
   version 4 Authentication Protocol).  A summary of the KAPv4 packet
   format is shown below.  The fields are transmitted from left to
   right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Data ...
   +-+-+-+-+


   Code

      The Code field is one octet and identifies the type of KAPv4
      packet.  KAPv4 Codes are assigned as follows:

         1       Initiate
         2       Principal
         3       Credentials
         4       Ticket
         5       Success
         6       Failure


   Identifier

      The Identifier field is one octet and aids in matching replies
      with requests and responses to challenges.

   Length

      The Length field is two octets and indicates the length of the
      KAPv4 packet including the Code, Identifier, Length and Data
      fields.  Octets outside the range of the Length field should be
      treated as Data Link Layer padding and should be ignored on
      reception.

   Data

      The Data field is zero or more octets.  The format of the Data
      field is determined by the Code field.



Blunk & Vollbrecht       expires in six months                  [Page 6]
DRAFT                          PPP KAPv4                       July 1994


2.2.1.  Initiate

   Description

      The Initiate packet is used to begin the PPP Kerberos version 4
      Authentication Protocol.  The authenticator MUST transmit a KAPv4
      packet with the Code field set to 1 (Initiate).  Additional
      Initiate packets MUST be sent until a valid Response packet is
      received, or an optional retry counter expires.

   A summary of the Initiate packet format is shown below.  The fields
   are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Code

      1

   Identifier

      The Identifier field is one octet.  The Identifier field MUST be
      changed each time an Initiate is sent.























Blunk & Vollbrecht       expires in six months                  [Page 7]
DRAFT                          PPP KAPv4                       July 1994


2.2.2.  Principal

   Description

      The Principal packet is used to identify the peer to the
      authenticator.  It is sent in response to an Initiate packet.  The
      peer MUST transmit a KAPv4 packet with the Code field set to 2
      (Principal). The identifier of the Principal packet MUST match the
      indentifier in the Initiate packet.  The authenticator uses the
      supplied information to generate a KRB_AS_REQ message for the
      Kerberos Server.  The authenticator responds to the Principal
      packet with either a Credentials packet or a Failure packet.

   A summary of the Principal packet format is shown below.  The fields
   are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Name-Size    |  Name ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Instance-Size |  Instance ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Realm-Size   |  Realm ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Sname-Size   |  Service Name ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Sinstance-Size|  Service Instance ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Code

      2

   Identifier

      The Identifier field is one octet.  The Principal Identifier MUST
      be copied from the Identifier field of the Initiate which caused
      the Response.

   Principal fields

      The Name, Instance, and Realm fields are used to identify the
      Kerberos Principal.  The Service Name is optional and specifies
      that the peer expects to authenticate to a particular service and



Blunk & Vollbrecht       expires in six months                  [Page 8]
DRAFT                          PPP KAPv4                       July 1994


      will check this attribute when examining the credentials.  If the
      peer does not care about the service identity, it should put a
      zero in the Service Name Size field.
















































Blunk & Vollbrecht       expires in six months                  [Page 9]
DRAFT                          PPP KAPv4                       July 1994


2.2.3.  Credentials

   Description

      The Credentials packet is used to supply the peer with the needed
      credentials for authentication.  It is sent in response to a
      Principal packet and  contains a ticket for the authenticator and
      a session key.  It also contains a random challenge to prevent
      replay attacks.  The authenticator MUST transmit a KAPv4 packet
      with the Code field set to 3 (Credentials).  Additional
      Credentials packets MUST be sent until a valid Response packet is
      received, or an optional retry counter expires.

   A summary of the Credentials packet format is shown below.  The
   fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Cred-Size   |  Credentials ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Chal-Size   |  Challenge ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Code

      3

   Identifier

      The Identifier field is one octet.  The Identifier field MUST be
      changed each time a Credentials packet is sent.

   Credentials

      The Credentials field is copied from the KRB_AS_REP packet
      received by the authenticator from the Kerberos server.  It takes
      the form:

         { T_(peer,authenticator), K_(peer, authenticator) }K_peer

   Challenge

      The Challenge Value is a variable length stream of octets.  The
      Challenge Value MUST be changed each time a Credentials packet is



Blunk & Vollbrecht       expires in six months                 [Page 10]
DRAFT                          PPP KAPv4                       July 1994


      sent.


















































Blunk & Vollbrecht       expires in six months                 [Page 11]
DRAFT                          PPP KAPv4                       July 1994


2.2.4.  Ticket

   Description

      The Ticket packet is sent by the peer to the authenticator as
      verification of its authenticity.  It is sent in response to a
      Credentials packet and contains a ticket for the authenticator and
      a response to the authenticator's challenge.  The response for the
      challenge is generated by encrypting the challenge with the
      session key. The peer may also specicy a Mutual Challenge for the
      authenticator.  This field should not be included if the peer does
      not wish to challenge the authenticator. The peer MUST transmit a
      KAPv4 packet with the Code field set to 4 (Ticket).

   A summary of the Ticket packet format is shown below.  The fields are
   transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Ticket-Size  |  Ticket ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Response-Size |  Response ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | MA_Chal-Size  |  MA_Challenge ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Code

      4

   Identifier

      The Identifier field is one octet.  The Identifier field MUST
      match the Indentifier field of the Credentials packet that it is
      sent in response to.

   Ticket

      The Ticket field is copied from the Credentials data received from
      the authenticator.  It takes the form:

          T_(peer,authenticator)





Blunk & Vollbrecht       expires in six months                 [Page 12]
DRAFT                          PPP KAPv4                       July 1994


   Response

      The response field is generated by encrypting the challenge from
      the Credentials packets using the Session key.  The DES PCBC
      encryption algorithm is used to generate this response.  The
      Session key is used as the ivec.

   MA_Challenge

      The MA_Challenge field is a variable length string of octets used
      to mutually authenticate the authenticator.  The peer should put a
      zero in the MA_Challenge size field if it does not with to
      challenge the authenticator.






































Blunk & Vollbrecht       expires in six months                 [Page 13]
DRAFT                          PPP KAPv4                       July 1994


2.2.5.  Success

   Description

      If the fields received in a Ticket match the expected values AND
      the response to the challenge is correct, then the implementation
      MUST transmit a KAPv4 packet with the Code field set to 5
      (Success).  The authenticator must also include a response to the
      MA_Challenge if the field was present in the Ticket packet.

   A summary of the Success packet format is shown below.  The fields
   are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Message-Size |  Message ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  MA_Resp-Size |  MA_Response ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Code

      5

   Identifier

      The Identifier field is one octet and aids in matching requests
      and replies.  The Identifier field MUST be copied from the
      Identifier field of the Ticket packet which caused this reply.

   Message

      The Message field is zero or more octets, and its contents are
      implementation dependent.  It is intended to be human readable,
      and MUST NOT affect operation of the protocol.  It is recommended
      that the message contain displayable ASCII characters 32 through
      126 decimal.  Mechanisms for extension to other character sets are
      the topic of future research.

   MA_Response

      The MA_Response contains the reponse to the peers MA_Challenge (if
      present).  The MA_Response is the DES PCBC encryption of
      MA_Challenge using the Session Key.  The Session Key is used as



Blunk & Vollbrecht       expires in six months                 [Page 14]
DRAFT                          PPP KAPv4                       July 1994


      the ivec for the encryption.


















































Blunk & Vollbrecht       expires in six months                 [Page 15]
DRAFT                          PPP KAPv4                       July 1994


2.2.6.  Failure

   Description

      If the fields received in a Ticket do NOT match the expected
      values OR the response to the challenge does NOT match the
      expected value, then the implementation MUST transmit a KAPv4
      packet with the Code field set to 6 (Failure), and SHOULD take
      action to terminate the link.  A Failure packet may also be sent
      in response to a Principal packet.  The Failure would be sent in
      the case where the pricipal or service identity were unacceptable
      or an error was received in response to the authenticator
      KBR_AS_REQ message.

   A summary of the Challenge and Response packet format is shown below.
   The fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Message-Size |  Message ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Code

      6

   Identifier

      The Identifier field is one octet and aids in matching requests
      and replies.  The Identifier field MUST be copied from the
      Identifier field of the Ticket or Principal packet which caused
      this reply.

   Message-Size

      This field is one octet and indicates the length of the Message
      field.

   Message

      The Message field is zero or more octets, and its contents are
      implementation dependent.  It is intended to be human readable,
      and MUST NOT affect operation of the protocol.  It is recommended
      that the message contain displayable ASCII characters 32 through



Blunk & Vollbrecht       expires in six months                 [Page 16]
DRAFT                          PPP KAPv4                       July 1994


      126 decimal.  Mechanisms for extension to other character sets are
      the topic of future research.

















































Blunk & Vollbrecht       expires in six months                 [Page 17]
DRAFT                          PPP KAPv4                       July 1994


Security Considerations

   Security issues are the primary topic of this RFC.

   The interaction of the authentication protocols within PPP are highly
   implementation dependent.  This is indicated by the use of SHOULD
   throughout the document.

   For example, upon failure of authentication, some implementations do
   not terminate the link.  Instead, the implementation limits the kind
   of traffic in the Network-Layer Protocols to a filtered subset, which
   in turn allows the user opportunity to update secrets or send mail to
   the network administrator indicating a problem.

   There is no provision for re-tries of failed authentication.
   However, the LCP state machine can renegotiate the authentication
   protocol at any time, thus allowing a new attempt.  It is recommended
   that any counters used for authentication failure not be reset until
   after successful authentication, or subsequent termination of the
   failed link.

   There is no requirement that authentication be full duplex or that
   the same protocol be used in both directions.  It is perfectly
   acceptable for different protocols to be used in each direction.
   This will, of course, depend on the specific protocols negotiated.

   In practice, within or associated with each PPP server, there is a
   database which associates "user" names with authentication
   information ("secrets").  It is not anticipated that a particular
   named user would be authenticated by multiple methods.  This would
   make the user vulnerable to attacks which negotiate the least secure
   method from among a set (such as PAP rather than KAPv4).  Instead,
   for each named user there should be an indication of exactly one
   method used to authenticate that user name.  If a user needs to make
   use of different authentication methods under different
   circumstances, then distinct user names SHOULD be employed, each of
   which identifies exactly one authentication method.














Blunk & Vollbrecht       expires in six months                 [Page 18]
DRAFT                          PPP KAPv4                       July 1994


References

   [1]   Simpson, W. A., "The Point-to-Point Protocol (PPP)", work in
         progress.

   [2]   Reynolds, J., and J. Postel, "Assigned Numbers", RFC 1340,
         USC/Information Sciences Institute, July 1992.


Acknowledgments

   Thanks to Bill Simpson for his initial work on this document.


Chair's Address

   The working group can be contacted via the current chair:

      Fred Baker
      Advanced Computer Communications
      315 Bollay Drive
      Santa Barbara, California, 93111

      EMail: fbaker@acc.com


Author's Address

   Questions about this memo can also be directed to:

      Larry J Blunk                   John R Vollbrecht

      EMail: ljb@merit.edu            EMail: jrv@merit.edu


















Blunk & Vollbrecht       expires in six months                 [Page 19]
DRAFT                          PPP KAPv4                       July 1994


                           Table of Contents


     1.     Introduction ..........................................    1
        1.1       Specification of Requirements ...................    1
        1.2       Terminology .....................................    2

     2.     PPP Kerberos version 4 Authentication Protocol ........    3
        2.1       Configuration Option Format .....................    5
        2.2       Packet Format ...................................    6
           2.2.1  Initiate ........................................    7
           2.2.2  Principal .......................................    8
           2.2.3  Credentials .....................................   10
           2.2.4  Ticket ..........................................   12
           2.2.5  Success .........................................   14
           2.2.6  Failure .........................................   16

     SECURITY CONSIDERATIONS ......................................   18

     REFERENCES ...................................................   19

     ACKNOWLEDGEMENTS .............................................   19

     CHAIR'S ADDRESS ..............................................   19

     AUTHOR'S ADDRESS .............................................   19