Kerberos Version 5 user validation

The Kerberos Version 5 authentication method can be used to validate a user.

When using the Kerberos Version 5 authentication method, the TCP/IP client gets a service ticket encrypted for the TCP/IP server. When the server decrypts the ticket, it has a secure method of identifying the user (by DCE or local principal). However, the server must determine if this DCE or local principal is allowed access to the local account. Mapping the DCE or local principal to the local operating system account is handled by a shared library, libvaliduser.a, which has a single subroutine, called kvalid_user. If a different method of mapping is preferred, the system administrator must provide an alternative for the libvaliduser.a library.