Better fix for not using expired TGTs in TGS-REQs

We want to generate a KRB5_AP_ERR_TKT_EXPIRED code when the TGT is
expired, like we would if we tried the TGT against the KCD.  To make
this work, separate the helpers for getting local and crossrealm
cached TGTs.  For a crossrealm TGT, match against the endtime, as
there could be multiple entries.  For a local TGT, find any match, but
check if it's expired.  The cache_code field is no longer needed after
this change, so get rid of it.

ticket: 6948

0 files changed, 0 insertions, 0 deletions