k5login - Kerberos V5 acl file for host access
Please see following description for synopsis
K5LOGIN(5) MIT Kerberos K5LOGIN(5) NAME k5login - Kerberos V5 acl file for host access DESCRIPTION The .k5login file, which resides in a user's home directory, contains a list of the Kerberos principals. Anyone with valid tickets for a prin- cipal in the file is allowed host access with the UID of the user in whose home directory the file resides. One common use is to place a .k5login file in root's home directory, thereby granting system admin- istrators remote root access to the host via Kerberos. EXAMPLES Suppose the user alice had a .k5login file in her home directory con- taining just the following line: bob@FOOBAR.ORG This would allow bob to use Kerberos network applications, such as ssh(1), to access alice's account, using bob's Kerberos tickets. In a default configuration (with k5login_authoritative set to true in krb5.conf(5)), this .k5login file would not let alice use those network applications to access her account, since she is not listed! With no .k5login file, or with k5login_authoritative set to false, a default rule would permit the principal alice in the machine's default realm to access the alice account. Let us further suppose that alice is a system administrator. Alice and the other system administrators would have their principals in root's .k5login file on each host: alice@BLEEP.COM joeadmin/root@BLEEP.COM This would allow either system administrator to log in to these hosts using their Kerberos tickets instead of having to type the root pass- word. Note that because bob retains the Kerberos tickets for his own principal, bob@FOOBAR.ORG, he would not have any of the privileges that require alice's tickets, such as root access to any of the site's hosts, or the ability to change alice's password. ATTRIBUTES See attributes(7) for descriptions of the following attributes: +---------------+------------------------+ |ATTRIBUTE TYPE | ATTRIBUTE VALUE | +---------------+------------------------+ |Availability | security/kerberos-5 | +---------------+------------------------+ |Stability | Pass-through committed | +---------------+------------------------+ SEE ALSO kerberos(1) AUTHOR MIT COPYRIGHT 1985-2021, MIT NOTES Source code for open source software components in Oracle Solaris can be found at https://www.oracle.com/downloads/opensource/solaris-source- code-downloads.html. This software was built from source available at https://github.com/oracle/solaris-userland. The original community source was downloaded from http://web.mit.edu/ker- beros/dist/krb5/1.18/krb5-1.18.4.tar.gz. Further information about this software can be found on the open source community website at http://web.mit.edu/kerberos/. 1.18.4 K5LOGIN(5)