1krb5_kdc_verify_ticket - Verify a PAC, possibly including ticket signature. 2============================================================================= 3 4.. 5 6.. c:function:: krb5_error_code krb5_kdc_verify_ticket(krb5_context context, const krb5_enc_tkt_part * enc_tkt, krb5_const_principal server_princ, const krb5_keyblock * server, const krb5_keyblock * privsvr, krb5_pac * pac_out) 7 8.. 9 10 11:param: 12 13 **[in]** **context** - Library context 14 15 **[in]** **enc_tkt** - Ticket enc-part, possibly containing a PAC 16 17 **[in]** **server_princ** - Canonicalized name of ticket server 18 19 **[in]** **server** - Key to validate server checksum (or NULL) 20 21 **[in]** **privsvr** - Key to validate KDC checksum (or NULL) 22 23 **[out]** **pac_out** - Verified PAC (NULL if no PAC included) 24 25 26.. 27 28 29:retval: 30 - 0 Success; otherwise - Kerberos error codes 31 32 33.. 34 35 36 37 38 39 40 41If a PAC is present in *enc_tkt* , verify its signatures. If *privsvr* is not NULL and *server_princ* is not a krbtgt or kadmin/changepw service, require a ticket signature over *enc_tkt* in addition to the KDC signature. Place the verified PAC in *pac_out* . If an invalid PAC signature is found, return an error matching the Windows KDC protocol code for that condition as closely as possible. 42 43 44 45If no PAC is present in *enc_tkt* , set *pac_out* to NULL and return successfully. 46 47 48 49 50 51 52 53 54 55 56.. 57 58 59 60 61 62 63.. note:: 64 65 This function does not validate the PAC_CLIENT_INFO buffer. If a specific value is expected, the caller can make a separate call to krb5_pac_verify_ext() with a principal but no keys. 66 67 68 69.. note:: 70 71 New in 1.20 72 73 74