Go to main content

man pages section 5: File Formats

Exit Print View

Updated: Thursday, June 13, 2019
 
 

k5login (5)

Name

k5login - Kerberos V5 acl file for host access

Synopsis

Please see following description for synopsis

Description

K5LOGIN(5)                       MIT Kerberos                       K5LOGIN(5)



NAME
       k5login - Kerberos V5 acl file for host access

DESCRIPTION
       The .k5login file, which resides in a user's home directory, contains a
       list of the Kerberos principals.  Anyone with valid tickets for a prin-
       cipal  in  the  file is allowed host access with the UID of the user in
       whose home directory the file resides.  One common use is  to  place  a
       .k5login  file in root's home directory, thereby granting system admin-
       istrators remote root access to the host via Kerberos.

EXAMPLES
       Suppose the user alice had a .k5login file in her home  directory  con-
       taining just the following line:

          bob@FOOBAR.ORG

       This  would  allow  bob  to  use Kerberos network applications, such as
       ssh(1), to access alice's account, using bob's Kerberos tickets.  In  a
       default  configuration  (with  k5login_authoritative  set  to  true  in
       krb5.conf(5)), this .k5login file would not let alice use those network
       applications  to  access her account, since she is not listed!  With no
       .k5login file, or with k5login_authoritative set to  false,  a  default
       rule would permit the principal alice in the machine's default realm to
       access the alice account.

       Let us further suppose that alice is a system administrator.  Alice and
       the  other  system administrators would have their principals in root's
       .k5login file on each host:

          alice@BLEEP.COM

          joeadmin/root@BLEEP.COM

       This would allow either system administrator to log in to  these  hosts
       using  their  Kerberos tickets instead of having to type the root pass-
       word.  Note that because bob retains the Kerberos tickets for  his  own
       principal, bob@FOOBAR.ORG, he would not have any of the privileges that
       require alice's tickets, such as root  access  to  any  of  the  site's
       hosts, or the ability to change alice's password.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+------------------------+
       |ATTRIBUTE TYPE |    ATTRIBUTE VALUE     |
       +---------------+------------------------+
       |Availability   | security/kerberos-5    |
       +---------------+------------------------+
       |Stability      | Pass-through committed |
       +---------------+------------------------+
SEE ALSO
       kerberos(1)

AUTHOR
       MIT

COPYRIGHT
       1985-2018, MIT



NOTES
       This     software     was    built    from    source    available    at
       https://github.com/oracle/solaris-userland.   The  original   community
       source      was      downloaded      from      https://web.mit.edu/ker-
       beros/dist/krb5/1.16/krb5-1.16.1.tar.gz

       Further information about this software can be found on the open source
       community website at https://web.mit.edu/kerberos/.



1.16.1                                                              K5LOGIN(5)