- Person travels abroad. When authenticating to his corporate Kerberos-enabled system, he uses some location-related measurement Device together with other authentication means. The information from the Device - such as geographical and/or DNS location - is encrypted and passed to the KDC with the initial request. There it is evaluated by a designated service and, based on the result of the evaluation, KDC proceeds with issuing, or not, the ticket.
- Use geolocation for Audit.
Define a new Geolocation policy and create an infrastructure to allow KDC to deal with the geolocation information.