This document describes protocol extensions (hereafter called PKINIT) to the Kerberos protocol specification. These extensions provide a method for integrating public key cryptography into the initial authentication exchange@ by using asymmetric-key signature and/or encryption algorithms in pre-authentication data fields.
RFC 4556-2006 history
2006RFC 4556-2006 Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)