DragonFly On-Line Manual Pages

K5LOGIN(5)			 MIT Kerberos			    K5LOGIN(5)


k5login - Kerberos V5 acl file for host access


The .k5login file, which resides in a user's home directory, contains a list of the Kerberos principals. Anyone with valid tickets for a prin- cipal in the file is allowed host access with the UID of the user in whose home directory the file resides. One common use is to place a .k5login file in root's home directory, thereby granting system admin- istrators remote root access to the host via Kerberos.


Suppose the user alice had a .k5login file in her home directory con- taining the following line: bob@FOOBAR.ORG This would allow bob to use Kerberos network applications, such as ssh(1), to access alice's account, using bob's Kerberos tickets. Let us further suppose that alice is a system administrator. Alice and the other system administrators would have their principals in root's .k5login file on each host: alice@BLEEP.COM joeadmin/root@BLEEP.COM This would allow either system administrator to log in to these hosts using their Kerberos tickets instead of having to type the root pass- word. Note that because bob retains the Kerberos tickets for his own principal, bob@FOOBAR.ORG, he would not have any of the privileges that require alice's tickets, such as root access to any of the site's hosts, or the ability to change alice's password.






1985-2013, MIT 1.12.1 K5LOGIN(5)