Department of Defense
High Performance Computing Modernization Program

Kerberos5 software since version 1.3.5 from the Massachusetts Institute of Technology (MIT) has had extensive (but not complete) support for Internet Protocol version 6 (IPv6). Additional work has been done by various groups within the Department of Defense (DoD) High Performance Computing Modernization Program (HPCMP) to incorporate Public Key Infrastructure (PKI) support for DoD Common Access Cards (CAC). For additional information, please contact ipv6-team [at] hpc.mil.

Major Kerberos5 applications support IPv6 natively (kinit, kftp, kpasswd, ktelnet, pkinit, pkpasswd, et cetera). kadmin will only support IPv6 in Kerberos5 version 1.9 or newer.

The following are additional notes on Kerberos5 and IPv6:

- Each realm Key Distribution Center (KDC) server must have IPv6 addresses added to its keytab file to be accessible via IPv6 (just as IPv4 addresses are required to be accessible via IPv4).

- The application clients and servers as distributed by MIT all support IPv6. They all will try the IPv6 address for a server first; if they cannot connect, they will fall back to the IPv4 address.


Top