3.1.5.5 Other Elements and Options

The Kerberos V5 protocol defines optional authorization data elements ([RFC4120] section 5.2.6).

KILE has added the following elements:

  • AD-AUTH-DATA-AP-OPTIONS (section 3.2.5.8).

  • KERB_AUTH_DATA_TOKEN_RESTRICTIONS (141) (sections 3.2.5.8 and 3.4.5.3).

KILE does not support the following elements:

  • The AD-KDC-ISSUED element ([RFC4120] section 5.2.6.2).

  • The AD-AND-OR element ([RFC4120] section 5.2.6.3).

  • The AD-MANDATORY-FOR-KDC element ([RFC4120] section 5.2.6.4).

KILE does not fail on unknown authorization data ([RFC4120] section 1.5.1). The server does not generate an error; instead, it ignores the unknown data and proceeds to authenticate the client.
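The following added example (not part of this specification or of any Kerberos implementation) decodes a DER-encoded AuthorizationData sequence ([RFC4120] section 5.2.6) and labels each element against the lists above; an unrecognized ad-type is labelled and skipped rather than treated as an error. The ad-type values 4, 5 and 8 are the [RFC4120] assignments and 143 is the KILE assignment for AD-AUTH-DATA-AP-OPTIONS; the function names, labels and sample bytes are constructed for illustration. This section does not state how an implementation handles the elements KILE does not support, so the example only labels them.

```python
# Added illustration; names, labels and sample bytes are constructed, not from MS-KILE.
KILE_ADDED = {141, 143}       # KERB_AUTH_DATA_TOKEN_RESTRICTIONS, AD-AUTH-DATA-AP-OPTIONS
NOT_SUPPORTED = {4, 5, 8}     # AD-KDC-ISSUED, AD-AND-OR, AD-MANDATORY-FOR-KDC

def read_tlv(buf, pos, want):
    """Read one definite-length DER TLV with tag `want`; return (value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: low bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if tag != want or pos + length > len(buf):
        raise ValueError(f"bad TLV at offset {pos}")
    return buf[pos:pos + length], pos + length

def parse_authorization_data(der):
    """AuthorizationData ::= SEQUENCE OF SEQUENCE { ad-type [0] Int32, ad-data [1] OCTET STRING }"""
    seq, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after AuthorizationData")
    out, pos = [], 0
    while pos < len(seq):
        entry, pos = read_tlv(seq, pos, 0x30)
        wrapped_type, nxt = read_tlv(entry, 0, 0xA0)     # explicit [0] tag
        wrapped_data, _ = read_tlv(entry, nxt, 0xA1)     # explicit [1] tag
        ad_type = int.from_bytes(read_tlv(wrapped_type, 0, 0x02)[0], "big", signed=True)
        out.append((ad_type, read_tlv(wrapped_data, 0, 0x04)[0]))
    return out

def triage(der):
    """Label each element. Malformed DER raises ValueError (this example's choice);
    an unrecognized ad-type never does: it is labelled and skipped."""
    label = lambda t: ("kile-added" if t in KILE_ADDED else
                       "not-supported" if t in NOT_SUPPORTED else "ignored-unknown")
    return [(t, label(t)) for t, _ in parse_authorization_data(der)]

def tlv(tag, val):                # sample builder, short-form lengths only
    return bytes([tag, len(val)]) + val

def element(ad_type, data):
    n = ad_type.to_bytes(ad_type.bit_length() // 8 + 1, "big", signed=True)
    return tlv(0x30, tlv(0xA0, tlv(0x02, n)) + tlv(0xA1, tlv(0x04, data)))

# Constructed sample: one KILE element, one unsupported RFC element, one unknown type.
SAMPLE = tlv(0x30, element(143, b"\x00" * 4) + element(5, b"") + element(999, b"constructed"))
```

Calling `triage(SAMPLE)` returns one `(ad_type, label)` pair per element, in wire order.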

KILE MUST support the KRB_ERR_RESPONSE_TOO_BIG error message ([RFC4120] section 7.2.1).