diff options
Diffstat (limited to 'src/man/k5login.5')
| -rw-r--r-- | src/man/k5login.5 | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/src/man/k5login.5 b/src/man/k5login.5 new file mode 100644 index 0000000000..ca00b9b0a0 --- /dev/null +++ b/src/man/k5login.5 @@ -0,0 +1,74 @@ +.TH "K5LOGIN" "5" "January 06, 2012" "0.0.1" "MIT Kerberos" +.SH NAME +k5login \- Kerberos V5 acl file for host access +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.\" Man page generated from reStructeredText. +. +.SH DESCRIPTION +.sp +The \fI.k5login\fP file, which resides in a user\(aqs home directory, contains a list of the Kerberos principals. +Anyone with valid tickets for a principal in the file is allowed host access with the UID of the user in whose home directory the file resides. +One common use is to place a \fI.k5login\fP file in root\(aqs home directory, thereby granting system administrators remote root access to the host via Kerberos. +.SH EXAMPLES +.sp +Suppose the user "alice" had a \fI.k5login\fP file in her home directory containing the following line: +.INDENT 0.0 +.INDENT 3.5 +.sp +bob@FUBAR.ORG +.UNINDENT +.UNINDENT +.sp +This would allow "bob" to use any of the Kerberos network applications, such as telnet(1), rlogin(1), rsh(1), and rcp(1), +to access alice\(aqs account, using bob\(aqs Kerberos tickets. +.sp +Let us further suppose that "alice" is a system administrator. +Alice and the other system administrators would have their principals in root\(aqs \fI.k5login\fP file on each host: +.INDENT 0.0 +.INDENT 3.5 +.sp +alice@BLEEP.COM +.sp +joeadmin/root@BLEEP.COM +.UNINDENT +.UNINDENT +.sp +This would allow either system administrator to log in to these hosts using their Kerberos tickets instead of having to type the root password. +Note that because "bob" retains the Kerberos tickets for his own principal, "bob@FUBAR.ORG", +he would not have any of the privileges that require alice\(aqs tickets, such as root access to any of the site\(aqs hosts, +or the ability to change alice\(aqs password. +.SH SEE ALSO +.sp +telnet(1), rlogin(1), rsh(1), rcp(1), ksu(1), telnetd(8), klogind(8) +.SH AUTHOR +MIT +.SH COPYRIGHT +2011, MIT +.\" Generated by docutils manpage writer. +. |