Obtaining Kerberos Tickets without the Microsoft PAC

[Sam Hartman]

Doug, I presume that if you want Microsoft to do anything with your
change you're going to submit it to them somehow.

Also, I tend to believe that even if they add a service principal
option, they should respect the pa-data type in tgs requests.

I assume that you were not submitting this patch for inclusion in MIT
Kerberos but were just giving a copy to the developer community.  As
you know, you would want to open a bug report with the patch if you
want us to consider it for inclusion.

If you do submit the patch for inclusion, you'd probably want to at
least make the API for setting the option take a boolean to turn it on
or off.  Of course you cannot implement it as a boolean because you
cannot expand the init_creds structure exposed in the ABI.  In
addition, you would probably need to include a config file option for
setting the default value.