Manual Reference Pages - K5LOGIN (5)
k5login - Kerberos V5 acl file for host access
level margin: \n[rst2man-indent\n[rst2man-indent-level]]
The .k5login file, which resides in a users home directory, contains
a list of the Kerberos principals. Anyone with valid tickets for a
principal in the file is allowed host access with the UID of the user
in whose home directory the file resides. One common use is to place
a .k5login file in roots home directory, thereby granting system
administrators remote root access to the host via Kerberos.
Suppose the user alice had a .k5login file in her home directory
containing just the following line:
This would allow bob to use Kerberos network applications, such as
ssh(1), to access alices account, using bobs Kerberos
tickets. In a default configuration (with k5login_authoritative set
to true in krb5.conf(5)), this .k5login file would not let
alice use those network applications to access her account, since
she is not listed! With no .k5login file, or with k5login_authoritative
set to false, a default rule would permit the principal alice in the
machines default realm to access the alice account.
Let us further suppose that alice is a system administrator.
Alice and the other system administrators would have their principals
in roots .k5login file on each host:
This would allow either system administrator to log in to these hosts
using their Kerberos tickets instead of having to type the root
password. Note that because bob retains the Kerberos tickets for
his own principal, bob@FOOBAR.ORG, he would not have any of the
privileges that require alices tickets, such as root access to
any of the sites hosts, or the ability to change alices
Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.