188.8.131.52 Pre-authentication Data
Pre-authentication ([RFC4120] sections 3.1.1, 5.4.1, and 5.2.7) is an extensibility point for the Kerberos V5 protocol. Pre-authentication is performed by supplying one or more pre-authentication messages in the PA-data field of the AS-REQ and AS-REP messages.
KILE supports the following pre-authentication types described in ([RFC4120] section 7.5.2):
KILE supports the following pre-authentication types described in ([Referrals-11] Appendix A):
KILE supports the following pre-authentication types added in [RFC6113] section 7.1:
KILE adds the following pre-authentication types:
Unknown pre-authentication types MUST be ignored by KDCs.
When clients perform a password-based initial authentication, they MUST supply the PA-ENC-TIMESTAMP pre-authentication type when they construct the initial AS request. They SHOULD request, via the PA-PAC-REQUEST pre-authentication type, that a privilege attribute certificate (PAC) be included in issued tickets.
If the KDC does not receive the required pre-authentication message in the AS exchange, an error MUST be returned to the client. The exact error depends on what pre-authentication types were supplied.