Provided by: heimdal-dev_1.6~git20120311.dfsg.1-2_amd64 bug


     krb5_aname_to_localname — converts a principal to a system local name


     Kerberos 5 Library (libkrb5, -lkrb5)


     #include <krb5.h>

     krb5_aname_to_localname(krb5_context context, krb5_const_principal name, size_t lnsize,
         char *lname);


     This function takes a principal name, verifies that it is in the local realm (using
     krb5_get_default_realms()) and then returns the local name of the principal.

     If name isn't in one of the local realms an error is returned.

     If the size (lnsize) of the local name (lname) is too small, an error is returned.

     krb5_aname_to_localname() should only be use by an application that implements protocols
     that don't transport the login name and thus needs to convert a principal to a local name.

     Protocols should be designed so that they authenticate using Kerberos, send over the login
     name and then verify the principal that is authenticated is allowed to login and the login
     name.  A way to check if a user is allowed to login is using the function krb5_kuserok().


     krb5_get_default_realms(3), krb5_kuserok(3)