1 krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm.
2 ======================================================================
6 .. c:function:: krb5_error_code krb5_pac_verify_ext(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock * server, const krb5_keyblock * privsvr, krb5_boolean with_realm)
13 **[in]** **context** - Library context
15 **[in]** **pac** - PAC handle
17 **[in]** **authtime** - Expected timestamp
19 **[in]** **principal** - Expected principal name (or NULL)
21 **[in]** **server** - Key to validate server checksum (or NULL)
23 **[in]** **privsvr** - Key to validate KDC checksum (or NULL)
25 **[in]** **with_realm** - If true, expect the realm of *principal*
40 This function is similar to :c:func:`krb5_pac_verify()` , but adds a parameter *with_realm* . If *with_realm* is true, the PAC_CLIENT_INFO field is expected to include the realm of *principal* as well as the name. This flag is necessary to verify PACs in cross-realm S4U2Self referral TGTs.