receive packet; if (packet.pvno != 5) then either process using other protocol spec or error_out(KRB_AP_ERR_BADVERSION); endif if (packet.msg-type != KRB_PRIV) then error_out(KRB_AP_ERR_MSG_TYPE); endif cleartext := decrypt(packet.enc-part) using negotiated key; if (decryption_error()) then error_out(KRB_AP_ERR_BAD_INTEGRITY); endif if (safe_priv_common_checks_ok(cleartext)) then return(cleartext.DATA, PACKET_IS_GENUINE_AND_UNMODIFIED); else return common_checks_error; endif