3.1.5.5 Other Elements and Options
The Kerberos V5 protocol defines optional authorization data elements ([RFC4120] section 5.2.6).
KILE has added the following elements:
AD-AUTH-DATA-AP-OPTIONS (section 3.2.5.8).
KERB_AUTH_DATA_TOKEN_RESTRICTIONS (141) (sections 3.2.5.8 and 3.4.5.3).
KILE does not support the following elements:
The AD-KDC-ISSUED element ([RFC4120] section 5.2.6.2).
The AD-AND-OR element ([RFC4120] section 5.2.6.3).
The AD-MANDATORY-FOR-KDC element ([RFC4120] section 5.2.6.4).
KILE does not fail on unknown authorization data ([RFC4120] section 1.5.1). The server does not generate an error; instead, it ignores the unknown data and proceeds to authenticate the client.
KILE MUST support the KRB_ERR_RESPONSE_TOO_BIG error message ([RFC4120] section 7.2.1).