From e6e9e8f094c2d4bca17a4b130785dccf871054cc Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 19 Jul 2010 04:30:47 +0000 Subject: [PATCH] In the DAL documentation, describe how a module can supply referral encrypted padata. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24190 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/kdb.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/include/kdb.h b/src/include/kdb.h index c572f8b56..e4970e72a 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -908,7 +908,10 @@ typedef struct _kdb_vftabl { * also set), the module should do so by simply filling in an out-of-realm * name in entries->princ and setting all other fields to NULL. Otherwise, * the module should return the entry for the cross-realm TGS of the - * referred-to realm. + * referred-to realm. For TGS referals, the module can also include + * tl-data of type KRB5_TL_SERVER_REFERRAL containing ASN.1-encoded Windows + * referral data as documented in draft-ietf-krb-wg-kerberos-referrals-11 + * appendix A; this will be returned to the client as encrypted padata. */ krb5_error_code (*get_principal)(krb5_context kcontext, krb5_const_principal search_for, -- 2.26.2