Review ofhttp://k5wiki.kerberos.org/wiki/Projects/PAC_and_principal_APIs ending January 10

[Love Hörnquist Åstrand]

Sam, Luke,

In heimdal I use KRB5_PRINCIPAL_UNPARSE_NO_REALM for the logon name,  
and not SHORT name.

That said, I think the logon name needs to be passed in and later  
verified by the caller/plugin/something other than the KDC since the  
KDC doesn't have enough information about that the Windows LOGON name  
actually is.

Love