3.1.5.5 Other Elements and Options

The Kerberos V5 protocol defines optional authorization data elements ([RFC4120] section 5.2.6).

KILE has added the following elements:

  • AD-AUTH-DATA-AP-OPTIONS (section 3.2.5.8).

  • KERB_AUTH_DATA_TOKEN_RESTRICTIONS (sections 3.2.5.8 and 3.4.5.3).

KILE SHOULD NOT support the following elements:

  • The AD-KDC-ISSUED element ([RFC4120] section 5.2.6.2).

  • The AD-AND-OR element ([RFC4120] section 5.2.6.3).

  • The AD-MANDATORY-FOR-KDC element ([RFC4120] section 5.2.6.4).

KILE SHOULD NOT fail on unknown authorization data ([RFC4120] section 1.5.1). The server SHOULD NOT generate an error; instead, it SHOULD ignore the unknown data and proceed to authenticate the client.

KILE MUST support the KRB_ERR_RESPONSE_TOO_BIG error message ([RFC4120] section 7.2.1).

Show: