Kerberos V.5 user validation for the secure rcmds

When using the Kerberos V.5 authentication method, the TCP/IP client gets a service ticket encrypted for the TCP/IP server. When the server decrypts the ticket, it has a secure method of identifying the user (by DCE or Native principal).

However, it still needs to determine if this DCE or Native principal is allowed access to the local account. Mapping the DCE or Native principal to the local operating system account is handled by a shared library, libvaliduser.a, which has a single subroutine, kvalid_user. If a different method of mapping is preferred, the system administrator must provide an alternative for the libvaliduser.a library.