Clarify sign_authdata() KDB method comments

author Isaac Boukris <iboukris@gmail.com>

Wed, 12 Sep 2018 13:32:57 +0000 (16:32 +0300)

committer Greg Hudson <ghudson@mit.edu>

Wed, 26 Sep 2018 22:41:25 +0000 (18:41 -0400)
author Isaac Boukris <iboukris@gmail.com>
Wed, 12 Sep 2018 13:32:57 +0000 (16:32 +0300)
committer Greg Hudson <ghudson@mit.edu>
Wed, 26 Sep 2018 22:41:25 +0000 (18:41 -0400)
diff --git a/src/include/kdb.h b/src/include/kdb.h

index 5615329c0bb35e72c86a7d5e9ecdd37d1db8c476..7f11829de288e1f22ef3fbfa11c72cb8702d1fb1 100644 (file)
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -1257,14 +1257,15 @@ typedef struct _kdb_vftabl {
       *
       *   flags: The flags used to look up the client principal.
       *
-     *   client_princ: For S4U2Proxy TGS requests, the client principal
-     *     requested by the service; for regular TGS requests, the
+     *   client_princ: For S4U2Self and S4U2Proxy TGS requests, the client
+     *     principal requested by the service; for regular TGS requests, the
       *     possibly-canonicalized client principal.
       *
       *   client: The DB entry of the client.  For S4U2Self, this will be the DB
       *     entry for the client principal requested by the service).
       *
-     *   server: The DB entry of the service principal.
+     *   server: The DB entry of the service principal, or of a cross-realm
+     *     krbtgt principal in case of referral.
       *
       *   krbtgt: For TGS requests, the DB entry of the server of the ticket in
       *     the PA-TGS-REQ padata; this is usually a local or cross-realm krbtgt
author	Isaac Boukris <iboukris@gmail.com>
	Wed, 12 Sep 2018 13:32:57 +0000 (16:32 +0300)
committer	Greg Hudson <ghudson@mit.edu>
	Wed, 26 Sep 2018 22:41:25 +0000 (18:41 -0400)