Allow cross-realm RBCD with PAC and other authdata For cross-realm S4U2Proxy requests, require a PAC to be present to bypass signedpath verification, but do not require it to be the only authdata element. For within-realm requests, add and verify signedpath authdata regardless of the presence of a PAC. Simplify the test KDB authdata module and the existing RBCD tests as we no longer need a way to suppress the test module's KDB authdata. [ghudson@mit.edu: rewrote commit message; reordered a condition for efficiency] (cherry picked from commit 94f7c9705879500b1dc8dda8592490efce05688f) https://github.com/krb5/krb5/commit/17570dd94056df70c19108c14d46cd6132509e6a Author: Isaac Boukris Committer: Greg Hudson Commit: 17570dd94056df70c19108c14d46cd6132509e6a Branch: krb5-1.18 src/include/kdb.h | 6 +++--- src/kdc/kdc_authdata.c | 21 ++++++++------------- src/plugins/kdb/test/kdb_test.c | 23 ++++++----------------- src/tests/gssapi/t_s4u.py | 3 --- 4 files changed, 17 insertions(+), 36 deletions(-)