1krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm. 2====================================================================== 3 4.. 5 6.. c:function:: krb5_error_code krb5_pac_verify_ext(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock * server, const krb5_keyblock * privsvr, krb5_boolean with_realm) 7 8.. 9 10 11:param: 12 13 **[in]** **context** - Library context 14 15 **[in]** **pac** - PAC handle 16 17 **[in]** **authtime** - Expected timestamp 18 19 **[in]** **principal** - Expected principal name (or NULL) 20 21 **[in]** **server** - Key to validate server checksum (or NULL) 22 23 **[in]** **privsvr** - Key to validate KDC checksum (or NULL) 24 25 **[in]** **with_realm** - If true, expect the realm of *principal* 26 27 28.. 29 30 31 32.. 33 34 35 36 37 38 39 40This function is similar to krb5_pac_verify(), but adds a parameter *with_realm* . If *with_realm* is true, the PAC_CLIENT_INFO field is expected to include the realm of *principal* as well as the name. This flag is necessary to verify PACs in cross-realm S4U2Self referral TGTs. 41 42 43 44 45 46 47 48 49 50 51.. 52 53 54 55 56.. note:: 57 58 New in 1.17 59 60 61