--- pac.patched Thu Jul 1 10:16:32 2010
+++ pac.c Thu Jul 1 14:32:35 2010
@@ -373,6 +373,7 @@
 version = load_32_le(p);
 p += 4;
+
 if (version != 0)
 return EINVAL;
@@ -394,6 +395,7 @@
 pac->pac->cBuffers = cbuffers;
 pac->pac->Version = version;
+fprintf(stderr,"%s:%d cbuffers=%d version=%d\n",__FUNCTION__,__LINE__, cbuffers, version);
 for (i = 0; i < pac->pac->cBuffers; i++) {
 PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
@@ -404,6 +406,9 @@
 buffer->Offset = load_64_le(p);
 p += 8;
+fprintf(stderr,"%s:%d i=%d ulType=%d cbBufferSize=%d Offset=%d\n",__FUNCTION__,__LINE__,
+ i, buffer->ulType, buffer->cbBufferSize, buffer->Offset) ;
+
 if (buffer->Offset % PAC_ALIGNMENT) {
 krb5_pac_free(context, pac);
 return EINVAL;
@@ -549,6 +554,10 @@
 if (buffer->cbBufferSize < PAC_SIGNATURE_DATA_LENGTH)
 return KRB5_BAD_MSIZE;
+fprintf(stderr,"%s:%d type=%d %d %d\n",__FUNCTION__,__LINE__, type,
+load_32_le(data->data + buffer->Offset + PAC_SIGNATURE_DATA_LENGTH -4),
+buffer->cbBufferSize - PAC_SIGNATURE_DATA_LENGTH);
+
 /* Zero out the data portion of the checksum only */
 memset(data->data + buffer->Offset + PAC_SIGNATURE_DATA_LENGTH,
@@ -1093,6 +1102,8 @@
 req->ticket->enc_part2->client, key, NULL);
+fprintf(stderr,"%s:%d First verify code=%d\n",__FUNCTION__,__LINE__,code);
+
 if (code == KRB5_BAD_ENCTYPE && keytab != NULL &&
 keytab->ops->start_seq_get != NULL) {
@@ -1100,9 +1111,9 @@
 krb5_kt_cursor cursor;
 krb5_keytab_entry ktent;
-for (code2 = krb5_kt_start_seq_get(kcontext, keytab, &cursor);
-code2 == 0;
-code2 = krb5_kt_next_entry(kcontext, keytab, &ktent, &cursor)) {
+code2 = krb5_kt_start_seq_get(kcontext, keytab, &cursor);
+if (code2 == 0) {
+while((code2 = krb5_kt_next_entry(kcontext, keytab, &ktent, &cursor) == 0)) {
 if (server != NULL &&
 !krb5_principal_compare(kcontext, ktent.principal, server)) {
 krb5_free_keytab_entry_contents(kcontext, &ktent);
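Review bot: The added `fprintf(stderr, ...)` in the `@@ -394` hunk (and likewise in the `@@ -404`, `@@ -549`, `@@ -1093` hunks and the `@@ -1114` hunk of the next chunk) writes unconditionally to stderr from inside the PAC parser, so every process that links this library echoes fields of network-supplied PAC data, and the values it prints appear to be unsigned 32-bit quantities from `load_32_le` (cbuffers, version, ulType, cbBufferSize) formatted with `%d`. `__FUNCTION__` is also a GCC extension; C99 provides `__func__`. If the output is meant to stay, gate it behind a compile-time debug macro and fix the conversions, e.g. `#ifdef DEBUG_PAC` / `fprintf(stderr, "%s:%d cbuffers=%u version=%u\n", __func__, __LINE__, (unsigned)cbuffers, (unsigned)version);` / `#endif`; otherwise these lines should be dropped before merge. The enclosing function continues outside each of these hunks, so the exact declared types of the printed fields cannot be confirmed from the patch alone.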
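Review bot: In the `@@ -404` hunk `buffer->Offset`, which the context line shows is filled by `load_64_le`, is passed to `%d`; a 64-bit argument under an `int` conversion is a format/argument mismatch (undefined behaviour, and on LP64 the remaining arguments are misread), so the printed offset is not trustworthy. Use a width-correct conversion, e.g. `"... Offset=%llu\n"` with `(unsigned long long)buffer->Offset`, or `PRIu64` from `<inttypes.h>` if the field is a fixed-width type. The same `%d` applies to `i`, `ulType` and `cbBufferSize`, whose types are not visible in the hunk.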
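Review bot: The rewritten loop head in the `@@ -1100` hunk has an operator-precedence defect: in `while((code2 = krb5_kt_next_entry(kcontext, keytab, &ktent, &cursor) == 0))` the `==` binds tighter than `=`, so `code2` receives the comparison result (0 or 1) rather than the krb5_error_code returned by `krb5_kt_next_entry`. The loop still terminates correctly, and the error value is masked later because the body reassigns `code2` from the verify call and `krb5_kt_end_seq_get` overwrites it after the loop, but any iteration failure other than end-of-keytab is silently lost and the debug output that prints `code2` shows the boolean. Change the head to `while ((code2 = krb5_kt_next_entry(kcontext, keytab, &ktent, &cursor)) == 0) {`. The new `if (code2 == 0) {` block opened here is closed by the `+ }` in the `@@ -1122` hunk of the next chunk, and the loop body runs past the end of this hunk.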
@@ -1114,6 +1125,9 @@
 req->ticket->enc_part2->client, &ktent.key, NULL);
+fprintf(stderr,"%s:%d retry verify code2=%d enctype=%d pac->verified=%d\n",__FUNCTION__,__LINE__,
+code2, ktent.key.enctype, pacctx->pac->verified);
+
 krb5_free_keytab_entry_contents(kcontext, &ktent);
 if (code2 == 0) {
 code = 0;
@@ -1122,6 +1136,7 @@
 }
 code2 = krb5_kt_end_seq_get(kcontext, keytab, &cursor);
+ }
 if (code2 != 0)
 code = code2;
 }