Share via

1.3.5 KILE Synopsis

  • Article

By extending the authorization data ([RFC4120] section 5.2.6), KILE provides the server with additional information such as:

  • Group membership

  • Claims

  • Interactive logon information

  • Integrity levels

By extending FAST, KILE provides the server with additional information such as:

  • Group membership and claims for the computer on which the client is running

By extending the KDC's account database, KILE provides control at the principal level for things such as delegation and Data Encryption Standard (DES) usage.

How authorization is accomplished using Privilege Attribute Certificate (PAC) data is described in [MS-PAC].