authorSam Hartman <hartmans@mit.edu>2009-01-03 23:20:31 +0000
committerSam Hartman <hartmans@mit.edu>2009-01-03 23:20:31 +0000
commit5bfe3caf46dcc046b66066421ee0a9e9fbc076e3 (patch)
treec731cf8ef976f13f7473181a23e53c9a72ad5570
parent59db8ef27f073f1a39ccb8b71b592ce7969e580c (diff)
xrealm_non_transitive not trust_non_transitive
Kerberos does not imply trust in the existence of a cross-realm key. Trust is implied when a foreign principal is placed on an ACL: the remote realm is trusted to authenticate that principal and is trusted not to confuse one principal with another. Keep terminology consistent. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21693 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/include/kdb_ext.h4
-rw-r--r--src/kdc/kdc_util.c4
2 files changed, 4 insertions, 4 deletions
diff --git a/src/include/kdb_ext.h b/src/include/kdb_ext.h
index d7f00fbcb..0a2cc9c01 100644
--- a/src/include/kdb_ext.h
+++ b/src/include/kdb_ext.h
@@ -39,8 +39,8 @@
#define KRB5_KDB_NO_AUTH_DATA_REQUIRED 0x00400000
/* Private flag used to indicate principal is local TGS */
#define KRB5_KDB_TICKET_GRANTING_SERVICE 0x01000000
-/* Private flag used to indicate trust is non-transitive */
-#define KRB5_KDB_TRUST_NON_TRANSITIVE 0x02000000
+/* Private flag used to indicate xrealm relationship is non-transitive */
+#define KRB5_KDB_xrealm_NON_TRANSITIVE 0x02000000
/* Entry get flags */
/* Name canonicalization requested */
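Review bot: The new macro name `KRB5_KDB_xrealm_NON_TRANSITIVE` puts a lowercase `xrealm` inside an otherwise upper-case identifier, unlike the neighbouring flags in this hunk (`KRB5_KDB_NO_AUTH_DATA_REQUIRED`, `KRB5_KDB_TICKET_GRANTING_SERVICE`); it looks like a search-and-replace artifact. I would spell it `#define KRB5_KDB_XREALM_NON_TRANSITIVE 0x02000000` and use the same spelling in both `isflagset()` checks in `validate_transit_path` in src/kdc/kdc_util.c. This bit decides whether the KDC returns `KRB5KDC_ERR_PATH_NOT_ACCEPTED`, so the name should be easy to find when auditing: a case-sensitive search following the header's all-caps convention would miss it as written.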
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index a3628cf91..0caf8a592 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -2197,12 +2197,12 @@ validate_transit_path(krb5_context context,
krb5_db_entry *krbtgt)
{
/* Incoming */
- if (isflagset(server->attributes, KRB5_KDB_TRUST_NON_TRANSITIVE)) {
+ if (isflagset(server->attributes, KRB5_KDB_xrealm_NON_TRANSITIVE)) {
return KRB5KDC_ERR_PATH_NOT_ACCEPTED;
}
/* Outgoing */
- if (isflagset(krbtgt->attributes, KRB5_KDB_TRUST_NON_TRANSITIVE) &&
+ if (isflagset(krbtgt->attributes, KRB5_KDB_xrealm_NON_TRANSITIVE) &&
(!krb5_principal_compare(context, server->princ, krbtgt->princ) ||
!krb5_realm_compare(context, client, krbtgt->princ))) {
return KRB5KDC_ERR_PATH_NOT_ACCEPTED;