From 47ce02eeccb70a6fa08ce391ecb5a3ce42278fbf Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Wed, 12 Sep 2018 16:32:57 +0300
Subject: [PATCH] Clarify sign_authdata() KDB method comments

---
 src/include/kdb.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/include/kdb.h b/src/include/kdb.h
index 5615329c0b..7f11829de2 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -1257,14 +1257,15 @@ typedef struct _kdb_vftabl {
      *
      *   flags: The flags used to look up the client principal.
      *
-     *   client_princ: For S4U2Proxy TGS requests, the client principal
-     *     requested by the service; for regular TGS requests, the
+     *   client_princ: For S4U2Self and S4U2Proxy TGS requests, the client
+     *     principal requested by the service; for regular TGS requests, the
      *     possibly-canonicalized client principal.
      *
      *   client: The DB entry of the client.  For S4U2Self, this will be the DB
      *     entry for the client principal requested by the service).
      *
-     *   server: The DB entry of the service principal.
+     *   server: The DB entry of the service principal, or of a cross-realm
+     *     krbtgt principal in case of referral.
      *
      *   krbtgt: For TGS requests, the DB entry of the server of the ticket in
      *     the PA-TGS-REQ padata; this is usually a local or cross-realm krbtgt
-- 
2.47.2