diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-12-07 19:38:32 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-12-07 19:38:32 +0000 |
| commit | 1e34efd28bd6c7eae84b19f71c87b2ea58939c1a (patch) | |
| tree | 9a73adadebbb95841d3c72e76f4934ce1b0f6a4a /src/include | |
| parent | ad1c58d1e5a2fc7382a9c641468c46d3c9d12996 (diff) | |
| download | krb5-1e34efd28bd6c7eae84b19f71c87b2ea58939c1a.tar.gz krb5-1e34efd28bd6c7eae84b19f71c87b2ea58939c1a.tar.xz krb5-1e34efd28bd6c7eae84b19f71c87b2ea58939c1a.zip | |
Allow null server key to krb5_pac_verify
When the KDC verifies a PAC, it doesn't really need to check the
server signature, since it can't trust that anyway. Allow the caller
to pass only a TGT key.
ticket: 7048
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25532 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/krb5/krb5.hin | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index f3d0225a0d..83c2dc7214 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -7506,13 +7506,13 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, * @param [in] pac PAC handle * @param [in] authtime Expected timestamp * @param [in] principal Expected principal name (or NULL) - * @param [in] server Key to validate server checksum + * @param [in] server Key to validate server checksum (or NULL) * @param [in] privsvr Key to validate KDC checksum (or NULL) * * This function validates @a pac against the supplied @a server, @a privsvr, * @a principal and @a authtime. If @a principal is NULL, the principal and - * authtime are not verified. If @a privsvr is NULL, the KDC checksum is not - * verified. + * authtime are not verified. If @a server or @a privsvr is NULL, the + * corresponding checksum is not verified. * * If successful, @a pac is marked as verified. * |