Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
LOGIN(8)		    System Manager's Manual		      LOGIN(8)

NAME
       login.krb5 - kerberos enhanced login program

SYNOPSIS
       login.krb5 [-p] [-fFe username] [-r | -k	| -K | -h hostname]

DESCRIPTION
       login.krb5 is a modification of the BSD login program which is used for
       two functions.  It is the sub-process used by krlogind and  telnetd  to
       initiate	 a  user  session and it is a replacement for the command-line
       login program which, when invoked with a	 password,  acquires  Kerberos
       tickets for the user.

       login.krb5 will prompt for a username, or take one on the command line,
       as login.krb5 username and will then prompt for a password. This	 pass-
       word  will be used to acquire Kerberos Version 5	tickets	(if possible.)
       It will also attempt to run aklog to get	AFS tokens for the  user.  The
       version	5  tickets will	be tested against a local krb5.keytab if it is
       available, in order to verify the tickets, before letting the user  in.
       However,	if the password	matches	the entry in /etc/passwd the user will
       be unconditionally allowed (permitting use of the machine  in  case  of
       network failure.)

OPTIONS
       -p     preserve the current environment

       -r hostname
	      pass hostname to rlogind.	 Must be the last argument.

       -h hostname
	      pass hostname to telnetd,	etc.  Must be the last argument.

       -f name
	      Perform pre-authenticated	login, e.g., datakit, xterm, etc.; al-
	      lows preauthenticated login as root.

       -F name
	      Perform pre-authenticated	login, e.g., datakit, xterm, etc.; al-
	      lows preauthenticated login as root.

       -e name
	      Perform  pre-authenticated, encrypted login.  Must do term nego-
	      tiation.

CONFIGURATION
       login.krb5 is also configured via krb5.conf using the login  stanza.  A
       collection of options dealing with initial authentication are provided:

       krb5_get_tickets
	      Use password to get V5 tickets. Default value true.

       krb_run_aklog
	      Attempt to run aklog. Default value false.

       aklog_path
	      Where  to	 find  it  [not	yet implemented.] Default value	$(pre-
	      fix)/bin/aklog.

       accept_passwd
	      Don't accept plaintext passwords [not yet	implemented].  Default
	      value false.

DIAGNOSTICS
       All  diagnostic	messages are returned on the connection	or tty associ-
       ated with stderr.

SEE ALSO
       rlogind(8), rlogin(1), telnetd(8)

								      LOGIN(8)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | CONFIGURATION | DIAGNOSTICS | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=login.krb5&sektion=8&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help