krb5_pac_verify_ext -  Verify a PAC, possibly from a specified realm. 
======================================================================

..

.. c:function:: krb5_error_code krb5_pac_verify_ext(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock * server, const krb5_keyblock * privsvr, krb5_boolean with_realm)

..


:param:

	          **[in]** **context** - Library context

	          **[in]** **pac** - PAC handle

	          **[in]** **authtime** - Expected timestamp

	          **[in]** **principal** - Expected principal name (or NULL)

	          **[in]** **server** - Key to validate server checksum (or NULL)

	          **[in]** **privsvr** - Key to validate KDC checksum (or NULL)

	          **[in]** **with_realm** - If true, expect the realm of *principal*


..



..







This function is similar to :c:func:`krb5_pac_verify()` , but adds a parameter *with_realm* . If *with_realm* is true, the PAC_CLIENT_INFO field is expected to include the realm of *principal* as well as the name. This flag is necessary to verify PACs in cross-realm S4U2Self referral TGTs.










..




.. note::

	 New in 1.17
 

