Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
K5LOGIN(5)			 MIT Kerberos			    K5LOGIN(5)

NAME
       k5login - Kerberos V5 acl file for host access

DESCRIPTION
       The .k5login file, which	resides	in a user's home directory, contains a
       list of the Kerberos principals.	 Anyone	with valid tickets for a prin-
       cipal  in  the  file is allowed host access with	the UID	of the user in
       whose home directory the	file resides.  One common use is  to  place  a
       .k5login	 file in root's	home directory,	thereby	granting system	admin-
       istrators remote	root access to the host	via Kerberos.

EXAMPLES
       Suppose the user	alice had a .k5login file in her home  directory  con-
       taining just the	following line:

	  bob@FOOBAR.ORG

       This  would  allow  bob	to  use	Kerberos network applications, such as
       ssh(1), to access alice's account, using	bob's Kerberos tickets.	 In  a
       default	configuration  (with  k5login_authoritative  set  to  true  in
       krb5.conf(5)), this .k5login file would not let alice use those network
       applications  to	 access	her account, since she is not listed!  With no
       .k5login	file, or with k5login_authoritative set	to  false,  a  default
       rule would permit the principal alice in	the machine's default realm to
       access the alice	account.

       Let us further suppose that alice is a system administrator.  Alice and
       the  other  system administrators would have their principals in	root's
       .k5login	file on	each host:

	  alice@BLEEP.COM

	  joeadmin/root@BLEEP.COM

       This would allow	either system administrator to log in to  these	 hosts
       using  their  Kerberos tickets instead of having	to type	the root pass-
       word.  Note that	because	bob retains the	Kerberos tickets for  his  own
       principal, bob@FOOBAR.ORG, he would not have any	of the privileges that
       require alice's tickets,	such as	root  access  to  any  of  the	site's
       hosts, or the ability to	change alice's password.

SEE ALSO
       kerberos(1)

AUTHOR
       MIT

COPYRIGHT
       1985-2017, MIT

1.15.1								    K5LOGIN(5)

NAME | DESCRIPTION | EXAMPLES | SEE ALSO | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=.k5login&sektion=5&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help