+/** Verify a PAC.
+ *
+ * @param [in] context Context structure
+ * @param [in] pac PAC handle
+ * @param [in] authtime Timestamp to be compared with one in @a pac
+ * @param [in] principal If non-null, use it to validate PAC's client name
+ * and ticket information.
+ * @param [in] server Compare it with PAC'c server checksum.
+ * Must not be NULL.
+ * @param [in] privsvr If non-null, compare it with PAC'c KDC checksum
+ *
+ * This function validates @a pac against the supplied @a server, @a privsvr,
+ * @a principal and @a authtime and then, if successful, sets @a pac->verified
+ * to TRUE.
+ *
+ * @note A checksum mismatch can occur if the PAC was copied from a cross-realm
+ * TGT by an ignorant KDC; also Apple Mac OS X Server Open Directory (as of 10.6)
+ * generates PACs with no server checksum at all. One should consider not failing
+ * the whole authentication because of this reason, but, instead, marking PAC
+ * as not verified.
+ *
+ * @retval 0 Success; Otherwise - Kerberos error codes
+ */