Other Elements and Options

The Kerberos V5 protocol defines optional authorization data elements ([RFC4120] section 5.2.6).

KILE has added the following elements:



KILE SHOULD NOT support the following elements:

  • The AD-KDC-ISSUED element ([RFC4120] section

  • The AD-AND-OR element ([RFC4120] section

  • The AD-MANDATORY-FOR-KDC element ([RFC4120] section

KILE SHOULD NOT fail on unknown authorization data ([RFC4120] section 1.5.1). The server SHOULD NOT generate an error; instead, it SHOULD ignore the unknown data and proceed to authenticate the client.

KILE MUST support the KRB_ERR_RESPONSE_TOO_BIG error message ([RFC4120] section 7.2.1).