krb5_boolean
krb5_aname_to_localname(
krb5_context context
krb5_const_principal name
size_t lnsize
char *lname
)
name
,
verifies that it is in the local realm (using
krb5_get_default_realms(
))
and then returns the local name of the principal.
If
name
isn't in one of the local realms an error is returned.
If the size
(
lnsize
)
of the local name
(
lname
)
is too small, an error is returned.
krb5_aname_to_localname()
should only be use by an application that implements protocols that
don't transport the login name and thus needs to convert a principal
to a local name.
Protocols should be designed so that they authenticate using
Kerberos, send over the login name and then verify the principal
that is authenticated is allowed to login and the login name.
A way to check if a user is allowed to login is using the function
krb5_kuserok().