This function takes a principal name, verifies its in the local realm (using krb5_get_default_realms) and then returns the local name of the principal.
If name isnt in one of the local realms and error is returned.
If size ( lnsize) of the local name ( lname) is to small, an error is returned.
krb5_aname_to_localname should only be use by application that implements protocols that doesnt transport the login name and thus needs to convert a principal to a local name.
Protocols should be designed so that the it autheticates using Kerberos, send over the login name and then verifies in the principal that authenticated is allowed to login and the login name. A way to check if a user is allowed to login is using the function krb5_kuserok.