This document describes protocol extensions (hereafter called PKINIT) to the Kerberos protocol specification. These extensions provide a method for integrating public key cryptography into the initial authentication exchange@ by using asymmetric-key signature and/or encryption algorithms in pre-authentication data fields.