Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

3.1.5.5 Other Elements and Options

The Kerberos V5 protocol defines optional authorization data elements ([RFC4120] section 5.2.6).

KILE has added the following elements:

  • AD-AUTH-DATA-AP-OPTIONS (section 3.2.5.8).

  • KERB_AUTH_DATA_TOKEN_RESTRICTIONS (sections 3.2.5.8 and 3.4.5.3).

KILE SHOULD NOT support the following elements:

  • The AD-KDC-ISSUED element ([RFC4120] section 5.2.6.2).

  • The AD-AND-OR element ([RFC4120] section 5.2.6.3).

  • The AD-MANDATORY-FOR-KDC element ([RFC4120] section 5.2.6.4).

KILE SHOULD NOT fail on unknown authorization data ([RFC4120] section 1.5.1). The server SHOULD NOT generate an error; instead, it SHOULD ignore the unknown data and proceed to authenticate the client.

KILE MUST support the KRB_ERR_RESPONSE_TOO_BIG error message ([RFC4120] section 7.2.1).

Show:
© 2015 Microsoft