Converts a principal name aname to a local name suitable for use by programs wishing a translation to an environment-specific name (e.g. user account name).
lnsize specifies the maximum length name that is to be filled into lname. The translation will be null terminated in all non-error returns.
Returns system errors.
Given a Kerberos principal principal, and a local username luser, determine whether user is authorized to login to the account luser. Returns TRUE if authorized, FALSE if not authorized.
Given a hostname hostname and a generic service name sname, this function generates a full principal name to be used when authenticating with the named service on the host. The full prinicpal name is returned in ret_princ.
The realm of the principal is determined internally by calling krb5_get_host_realm.
The type argument controls how krb5_sname_to_principal generates the principal name, ret_princ, for the named service, sname. Currently, two values are supported: KRB5_NT_SRV_HOST, and KRB5_NT_UNKNOWN.
If type is set to KRB5_NT_SRV_HOST, the hostname will be canonicalized, i.e. a fully qualified lowercase hostname using the primary name and the domain name, before ret_princ is generated in the form "sname/hostname@LOCAL.REALM." Most applications should use KRB5_NT_SRV_HOST.
However, if type is set to KRB5_NT_UNKNOWN, while the generated principal name will have the form "sname/hostname@LOCAL.REALM" the hostname will not be canonicalized first. It will appear exactly as it was passed in hostname.
The caller should release ret_princ's storage by calling krb5_free_principal when it is finished with the principal.