Other Elements and Options

The Kerberos V5 protocol defines optional authorization data elements ([RFC4120] section 5.2.6).

KILE has added the following elements:



KILE does not support the following elements:

  • The AD-KDC-ISSUED element ([RFC4120] section

  • The AD-AND-OR element ([RFC4120] section

  • The AD-MANDATORY-FOR-KDC element ([RFC4120] section

KILE does not fail on unknown authorization data ([RFC4120] section 1.5.1). The server does not generate an error; instead, it ignores the unknown data and proceeds to authenticate the client.

KILE MUST support the KRB_ERR_RESPONSE_TOO_BIG error message ([RFC4120] section 7.2.1).