s4:kdc: Add comment to clarify that we fetch the client claims

author Joseph Sutton <josephsutton@catalyst.net.nz>

Thu, 22 Jun 2023 23:55:24 +0000 (11:55 +1200)

committer Stefan Metzmacher <metze@samba.org>

Mon, 26 Jun 2023 11:10:31 +0000 (11:10 +0000)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Thu, 22 Jun 2023 23:55:24 +0000 (11:55 +1200)
committer Stefan Metzmacher <metze@samba.org>
Mon, 26 Jun 2023 11:10:31 +0000 (11:10 +0000)
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c

index bd7c3ce634d2eeb80c9408b17c7c39f5aa687fea..e6fc630006a1d340ee58eea190ffdeb81a673978 100644 (file)
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -2414,6 +2414,12 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
  
                 if (device_pac_is_trusted) {
                         krb5_data device_claims_data;
+
+                       /*
+                        * [MS-KILE] 3.3.5.7.4 Compound Identity: the client
+                        * claims from the device PAC become the device claims
+                        * in the new PAC.
+                        */
                         code = krb5_pac_get_buffer(context, device_pac,
                                                    PAC_TYPE_CLIENT_CLAIMS_INFO,
                                                    &device_claims_data);
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Thu, 22 Jun 2023 23:55:24 +0000 (11:55 +1200)
committer	Stefan Metzmacher <metze@samba.org>
	Mon, 26 Jun 2023 11:10:31 +0000 (11:10 +0000)