From e238fb8fde3459051be007effe61180644fabd28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Tue, 17 May 2005 14:18:47 +0000
Subject: [PATCH] document KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15161 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/krb5_auth_context.3 | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/lib/krb5/krb5_auth_context.3 b/lib/krb5/krb5_auth_context.3
index b3a3fc0f5..20fee51a8 100644
--- a/lib/krb5/krb5_auth_context.3
+++ b/lib/krb5/krb5_auth_context.3
@@ -217,7 +217,22 @@ Generate and check sequence-number on each packet.
 .It Dv KRB5_AUTH_CONTEXT_DO_TIME
 Check timestamp on incoming packets.
 .It Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE , Dv KRB5_AUTH_CONTEXT_RET_TIME
-Return sequence numbers and time stamps in the outdata parameter of
+Return sequence numbers and time stamps in the outdata parameters.
+.It Dv KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
+will force
+.Fn krb5_get_forwarded_creds
+and
+.Fn krb5_fwd_tgt_creds
+to create unencrypted )
+.Dv ENCTYPE_NULL )
+credentials.
+This is for use with old MIT server and JAVA based servers as
+they can't handle encrypted
+.Dv KRB-CRED .
+Note that sending such
+.Dv KRB-CRED
+is clear exposes crypto keys and tickets and is insecure,
+make sure the packet is encrypted in the protocol.
 .Xr krb5_rd_cred 3 ,
 .Xr krb5_rd_priv 3 ,
 .Xr krb5_rd_safe 3 ,