1.3.5 KILE Synopsis
By extending the authorization data ([RFC4120] section 5.2.6), KILE provides the server with additional information such as:
Group membership
Claims
Interactive logon information
Integrity levels
By extending FAST, KILE provides the server with additional information such as:
Group membership and claims for the computer on which the client is running
By extending the KDC's account database, KILE provides control at the principal level for things such as delegation and Data Encryption Standard (DES) usage.
How authorization is accomplished using Privilege Attribute Certificate (PAC) data is described in [MS-PAC].