An implementation that supports the Kerberos Identity Negotiation Association Profile shall send/accept the User Identity association negotiation sub-item, for User-Identity-Type of 3. If a positive response is requested, the association acceptor implementation shall respond with the association response sub-item containing a Kerberos server ticket. The Kerberos server ticket information shall be made available to internal or external Kerberos authentication systems. The user identity shall be authenticated by means of the Kerberos authentication system. If the authentication fails, the association shall be rejected.
The user identity from the Primary-field shall be used within the implementation as the user identification. Such uses include recording user identification in audit messages.
Table B.6-1Minimum Mechanisms for DICOM Association Negotiation Features
|Supported Association Negotiation Feature||Minimum Mechanism|