krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm.¶
-
krb5_error_code
krb5_pac_verify_ext
(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock * server, const krb5_keyblock * privsvr, krb5_boolean with_realm)¶
param: | [in] context - Library context [in] pac - PAC handle [in] authtime - Expected timestamp [in] principal - Expected principal name (or NULL) [in] server - Key to validate server checksum (or NULL) [in] privsvr - Key to validate KDC checksum (or NULL) [in] with_realm - If true, expect the realm of principal |
---|
This function is similar to krb5_pac_verify()
, but adds a parameter with_realm . If with_realm is true, the PAC_CLIENT_INFO field is expected to include the realm of principal as well as the name. This flag is necessary to verify PACs in cross-realm S4U2Self referral TGTs.
Note
New in 1.17