add some comments about the last commit

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22731 dc483132-0cff-0310-8789-dd5450dbe970
author: Luke Howard <lukeh@padl.com> 2009-09-11 17:30:30 +0000
committer: Luke Howard <lukeh@padl.com> 2009-09-11 17:30:30 +0000
commit: d1613f97963d60ee6aeccab4333ce714f21f70b7 (patch)
tree: f0309e7bf329de217a8c1823cd7f26fe4d6619ff
parent: 4a9dcf68b7ba2e3e4e9fe24eba58cc467829d7b3 (diff)
download: krb5-d1613f97963d60ee6aeccab4333ce714f21f70b7.zip
krb5-d1613f97963d60ee6aeccab4333ce714f21f70b7.tar.gz
krb5-d1613f97963d60ee6aeccab4333ce714f21f70b7.tar.bz2
1 files changed, 6 insertions, 1 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index e2e92ec..621edb8 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -2151,7 +2151,12 @@ kdc_process_s4u2self_req(krb5_context context,
      * up the server principal and decoding KRB5_TL_SVR_REFERRAL_DATA).
      *
      * The comparison below will work with existing Windows and MIT
-     * client implementations.
+     * client implementations. The following referrals, the realm name
+     * will be rewritten; for a host-based service name, we can ignore
+     * the realm when performing this comparison, because sufficient
+     * qualifying information is included in the principal name. For
+     * Enterprise principal names can be compared with their unparsed
+     * canonical name. Otherwise, we require an exact match.
      */
 
     flags = 0;
author	Luke Howard <lukeh@padl.com>	2009-09-11 17:30:30 +0000
committer	Luke Howard <lukeh@padl.com>	2009-09-11 17:30:30 +0000
commit	d1613f97963d60ee6aeccab4333ce714f21f70b7 (patch)
tree	f0309e7bf329de217a8c1823cd7f26fe4d6619ff
parent	4a9dcf68b7ba2e3e4e9fe24eba58cc467829d7b3 (diff)
download	krb5-d1613f97963d60ee6aeccab4333ce714f21f70b7.zip krb5-d1613f97963d60ee6aeccab4333ce714f21f70b7.tar.gz krb5-d1613f97963d60ee6aeccab4333ce714f21f70b7.tar.bz2