1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
.TH "K5LOGIN" "5" "January 06, 2012" "0.0.1" "MIT Kerberos"
.SH NAME
k5login \- Kerberos V5 acl file for host access
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.\" Man page generated from reStructeredText.
.
.SH DESCRIPTION
.sp
The \fI.k5login\fP file, which resides in a user\(aqs home directory, contains a list of the Kerberos principals.
Anyone with valid tickets for a principal in the file is allowed host access with the UID of the user in whose home directory the file resides.
One common use is to place a \fI.k5login\fP file in root\(aqs home directory, thereby granting system administrators remote root access to the host via Kerberos.
.SH EXAMPLES
.sp
Suppose the user "alice" had a \fI.k5login\fP file in her home directory containing the following line:
.INDENT 0.0
.INDENT 3.5
.sp
bob@FUBAR.ORG
.UNINDENT
.UNINDENT
.sp
This would allow "bob" to use any of the Kerberos network applications, such as telnet(1), rlogin(1), rsh(1), and rcp(1),
to access alice\(aqs account, using bob\(aqs Kerberos tickets.
.sp
Let us further suppose that "alice" is a system administrator.
Alice and the other system administrators would have their principals in root\(aqs \fI.k5login\fP file on each host:
.INDENT 0.0
.INDENT 3.5
.sp
alice@BLEEP.COM
.sp
joeadmin/root@BLEEP.COM
.UNINDENT
.UNINDENT
.sp
This would allow either system administrator to log in to these hosts using their Kerberos tickets instead of having to type the root password.
Note that because "bob" retains the Kerberos tickets for his own principal, "bob@FUBAR.ORG",
he would not have any of the privileges that require alice\(aqs tickets, such as root access to any of the site\(aqs hosts,
or the ability to change alice\(aqs password.
.SH SEE ALSO
.sp
telnet(1), rlogin(1), rsh(1), rcp(1), ksu(1), telnetd(8), klogind(8)
.SH AUTHOR
MIT
.SH COPYRIGHT
2011, MIT
.\" Generated by docutils manpage writer.
.
|
