Comment 1 for bug 1777776

Any idea why upstream sets krb5_validate to false by default? I presume because this would require the extra step of creating a service ticket for the host where the login happened, if I understood it correctly?