DragonFly On-Line Manual Pages
K5LOGIN(5) MIT Kerberos K5LOGIN(5)
k5login - Kerberos V5 acl file for host access
The .k5login file, which resides in a user's home directory, contains a
list of the Kerberos principals. Anyone with valid tickets for a prin-
cipal in the file is allowed host access with the UID of the user in
whose home directory the file resides. One common use is to place a
.k5login file in root's home directory, thereby granting system admin-
istrators remote root access to the host via Kerberos.
Suppose the user alice had a .k5login file in her home directory con-
taining the following line:
This would allow bob to use Kerberos network applications, such as
ssh(1), to access alice's account, using bob's Kerberos tickets.
Let us further suppose that alice is a system administrator. Alice and
the other system administrators would have their principals in root's
.k5login file on each host:
This would allow either system administrator to log in to these hosts
using their Kerberos tickets instead of having to type the root pass-
word. Note that because bob retains the Kerberos tickets for his own
principal, bob@FOOBAR.ORG, he would not have any of the privileges that
require alice's tickets, such as root access to any of the site's
hosts, or the ability to change alice's password.