GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  K5LOGIN (5)

NAME

k5login - Kerberos V5 acl file for host access \$1 \n[an-margin] level \n[rst2man-indent-level] level margin: \n[rst2man-indent\n[rst2man-indent-level]] - \n[rst2man-indent0] \n[rst2man-indent1] \n[rst2man-indent2]

CONTENTS

Description
Examples
See Also
Author
Copyright

DESCRIPTION

The .k5login file, which resides in a user\(aqs home directory, contains a list of the Kerberos principals. Anyone with valid tickets for a principal in the file is allowed host access with the UID of the user in whose home directory the file resides. One common use is to place a .k5login file in root\(aqs home directory, thereby granting system administrators remote root access to the host via Kerberos.

EXAMPLES

Suppose the user alice had a .k5login file in her home directory containing just the following line:


bob@FOOBAR.ORG


This would allow bob to use Kerberos network applications, such as ssh(1), to access alice\(aqs account, using bob\(aqs Kerberos tickets. In a default configuration (with k5login_authoritative set to true in krb5.conf(5)), this .k5login file would not let alice use those network applications to access her account, since she is not listed! With no .k5login file, or with k5login_authoritative set to false, a default rule would permit the principal alice in the machine\(aqs default realm to access the alice account.

Let us further suppose that alice is a system administrator. Alice and the other system administrators would have their principals in root\(aqs .k5login file on each host:


alice@BLEEP.COM

joeadmin/root@BLEEP.COM

This would allow either system administrator to log in to these hosts using their Kerberos tickets instead of having to type the root password. Note that because bob retains the Kerberos tickets for his own principal, bob@FOOBAR.ORG, he would not have any of the privileges that require alice\(aqs tickets, such as root access to any of the site\(aqs hosts, or the ability to change alice\(aqs password.

SEE ALSO

kerberos(1)

AUTHOR

MIT

COPYRIGHT

1985-2016, MIT
Search for    or go to Top of page |  Section 5 |  Main Index


1.14.1 K5LOGIN (5)

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.