login.krb5 - Kerberos enhanced login program
login.krb5 [-p] [-fFe username] [-r | -k | -K | -h hostname]
login.krb5 is a modification of the BSD login program which is used for
two functions. It is the sub-process used by krlogind and telnetd to initiate
a user session and it is a replacement for the command-line login program
which, when invoked with a password, acquires Kerberos tickets for the user.
login.krb5 will prompt for a username, or take one on the
command line (as login.krb5 username), and will then prompt for a
password. This password will be used to acquire Kerberos Version 5 tickets
(if possible). It will also attempt to run aklog to get AFS
tokens for the user. The Version 5 tickets will be tested against a local
krb5.keytab, if it is available, in order to verify the tickets
before letting the user in. However, if the password matches the entry in
/etc/passwd, the user will be unconditionally allowed (permitting use
of the machine in case of network failure).
- -p
- preserve the current environment
- -r hostname
- pass hostname to rlogind. Must be the last argument.
- -h hostname
- pass hostname to telnetd, etc. Must be the last argument.
- -f name
- Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows
preauthenticated login as root.
- -F name
- Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows
preauthenticated login as root.
- -e name
- Perform pre-authenticated, encrypted login. Must do term negotiation.
login.krb5 is also configured via krb5.conf using the login
stanza. A collection of options dealing with initial authentication is
provided:
- krb5_get_tickets
- Use password to get V5 tickets. Default value true.
- krb_run_aklog
- Attempt to run aklog. Default value false.
- aklog_path
- Where to find aklog [not yet implemented]. Default value
$(prefix)/bin/aklog.
- accept_passwd
- Don't accept plaintext passwords [not yet implemented]. Default value
false.
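The following audit sketch is an added example, not part of the original manual page or the login.krb5 distribution. It parses the login stanza of a krb5.conf, applies the defaults listed above, and reports when no keytab exists to verify acquired tickets. The keytab location /etc/krb5.keytab, the accepted boolean spellings, and the sample configuration are assumptions.

```python
import os
import re

# Defaults as documented for the login stanza options above.
DEFAULTS = {
    "krb5_get_tickets": True,
    "krb_run_aklog": False,
    "accept_passwd": False,
}
TRUE_WORDS = ("y", "yes", "t", "true", "on", "1")  # assumed boolean spellings

def parse_login_stanza(text):
    """Return the effective boolean [login] settings from krb5.conf text."""
    settings = dict(DEFAULTS)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "login" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in settings:
            settings[key] = value.lower() in TRUE_WORDS
    return settings

def audit(text, keytab_path="/etc/krb5.keytab"):  # path is an assumption
    """Return (settings, findings) for a host that runs login.krb5."""
    s = parse_login_stanza(text)
    findings = []
    if s["krb5_get_tickets"] and not os.path.exists(keytab_path):
        findings.append("no keytab: acquired V5 tickets cannot be verified")
    if not s["krb5_get_tickets"]:
        findings.append("krb5_get_tickets off: password is not used to get V5 tickets")
    if s["krb_run_aklog"]:
        findings.append("krb_run_aklog on: login will attempt to run aklog")
    return s, findings

# Constructed sample krb5.conf fragment, not taken from a real host.
SAMPLE = """
[libdefaults]
    default_realm = EXAMPLE.COM
[login]
    krb5_get_tickets = true
    krb_run_aklog = yes
"""

if __name__ == "__main__":
    settings, findings = audit(SAMPLE)
    print(settings)
    print("\n".join("FINDING: " + f for f in findings))
```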
All diagnostic messages are returned on the connection or tty associated with
stderr.
rlogind(8), rlogin(1), telnetd(8)