Version 5 of the Kerberos protocol supports a myriad of options.
Among these are multiple encryption and checksum types, alternative
encoding schemes for the transited field, optional mechanisms for
pre-authentication, the handling of tickets with no addresses,
options for mutual authentication, user to user authentication,
support for proxies, forwarding, postdating, and renewing tickets,
the format of realm names, and the handling of authorization data.
In order to ensure the interoperability of realms, it is necessary to
define a minimal configuration which must be supported by all
implementations. This minimal configuration is subject to change as
technology does. For example, if at some later date it is discovered
that one of the required encryption or checksum algorithms is not
secure, it will be replaced.
