Multiple domain referral patch and Kerberos 1.31

[Sam Hartman]

>>>>> "Kevin" == Kevin Coffman <kwc at citi.umich.edu> writes:

    Kevin> No referral is issued unless the client sets the
    Kevin> KDC_OPT_NAME_CANONICALI ZE option flag in the TGS request.
    Kevin> So a client should never get a referral that is unexpected.

Ah, so this doesn't implement the closest domain referal for krbtgt
described in RFC 1510?

I would sort of have assumed you'd do that if you were implementing
the Microsoft option.