2 files changed, 21 insertions, 9 deletions

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 1682a345b..d2498a82c 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2786,15 +2786,6 @@ k5alloc(size_t len, krb5_error_code *code)
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5int_pac_sign(krb5_context context,
-                 krb5_pac pac,
-                 krb5_timestamp authtime,
-                 krb5_const_principal principal,
-                 const krb5_keyblock *server_key,
-                 const krb5_keyblock *privsvr_key,
-                 krb5_data *data);
-
-krb5_error_code KRB5_CALLCONV
 krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
                               krb5_ccache ccache,
                               krb5_creds *in_creds,
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 3d9dbbfb7..33279774b 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -7495,6 +7495,27 @@ krb5_pac_verify(krb5_context context, const krb5_pac pac,
                 const krb5_keyblock *server, const krb5_keyblock *privsvr);
 
 /**
+ * Sign a PAC.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  pac             PAC handle
+ * @param [in]  authtime        Expected timestamp
+ * @param [in]  principal       Expected principal name (or NULL)
+ * @param [in]  server          Key for server checksum
+ * @param [in]  privsvr         Key for KDC checksum
+ * @param [out] data            Signed PAC encoding
+ *
+ * This function signs @a pac using the keys @a server and @a privsvr and
+ * returns the signed encoding in @a data.  @a pac is modified to include the
+ * server and KDC checksum buffers.  Use krb5_free_data_contents() to free @a
+ * data when it is no longer needed.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+              krb5_const_principal principal, const krb5_keyblock *server_key,
+              const krb5_keyblock *privsvr_key, krb5_data *data);
+
+/**
  * Allow the appplication to override the profile's allow_weak_crypto setting.
  *
  * @param [in] context          Library context