This routine maps the DCE principal to the local user account and determines if the DCE principal is allowed access to the account.
Valid User Library (libvaliduser.a)
int kvalid_user (char *princ_name, char *local_user)
This routine is called when Kerberos 5 authentication is configured to determine if the incoming Kerberos 5 ticket should allow access to the local account.
This routine determines whether the DCE principal, specified by the princ_name parameter, is allowed access to the user's account identified by the local_user parameter. The routine accesses the $HOME/.k5login file for the users account. It looks for the string pointed to by princ_name in that file.
Access is granted if one of two things is true.
princ_name | This parameter is a single-string representation of the Kerberos 5 principal. The Kerberos 5 libraries have two services, krb5_unparse_name and krb5_parse_name, which convert a krb5_principal structure to and from a single-string format. This routine expects the princ_name parameter to be a single-string form of the krb5_principal structure. |
local_user | This parameter is the character string holding the name of the local account. |
If the user is allowed access to the account, the kvalid_user routine returns TRUE.
If the user is NOT allowed access to the account or there was an error, the kvalid_user routine returns FALSE.
The ftp command, rcp command, rlogin command, rsh command, telnet, tn, or tn3270 command.
Using a .k5login file.
Network Overview in AIX 5L Version 5.2 System Management Guide: Communications and Networks.
Secure Rcmds in AIX 5L Version 5.2 System User's Guide: Communications and Networks.