DragonFly On-Line Manual Pages

LOGIN(8)               DragonFly System Manager's Manual              LOGIN(8)

NAME
       login.krb5 - kerberos enhanced login program

SYNOPSIS
       login.krb5 [-p] [-fFe username] [-r | -k | -K | -h hostname]

DESCRIPTION
       login.krb5 is a modification of the BSD login program which is used for
       two functions.  It is the sub-process used by krlogind and telnetd to
       initiate a user session and it is a replacement for the command-line
       login program which, when invoked with a password, acquires Kerberos
       tickets for the user.

       login.krb5 will prompt for a username, or take one on the command line,
       as login.krb5 username and will then prompt for a password. This
       password will be used to acquire Kerberos Version 5 tickets (if
       possible.) It will also attempt to run aklog to get AFS tokens for the
       user. The version 5 tickets will be tested against a local krb5.keytab
       if it is available, in order to verify the tickets, before letting the
       user in. However, if the password matches the entry in /etc/passwd the
       user will be unconditionally allowed (permitting use of the machine in
       case of network failure.)

OPTIONS
       -p     preserve the current environment

       -r hostname
              pass hostname to rlogind.  Must be the last argument.

       -h hostname
              pass hostname to telnetd, etc.  Must be the last argument.

       -f name
              Perform pre-authenticated login, e.g., datakit, xterm, etc.;
              allows preauthenticated login as root.

       -F name
              Perform pre-authenticated login, e.g., datakit, xterm, etc.;
              allows preauthenticated login as root.

       -e name
              Perform pre-authenticated, encrypted login.  Must do term
              negotiation.

CONFIGURATION
       login.krb5 is also configured via krb5.conf using the login stanza. A
       collection of options dealing with initial authentication are provided:

       krb5_get_tickets
              Use password to get V5 tickets. Default value true.

       krb_run_aklog
              Attempt to run aklog. Default value false.

       aklog_path
              Where to find it [not yet implemented.] Default value
              $(prefix)/bin/aklog.

       accept_passwd
              Don't accept plaintext passwords [not yet implemented]. Default
              value false.

DIAGNOSTICS
       All diagnostic messages are returned on the connection or tty
       associated with stderr.

SEE ALSO
       rlogind(8), rlogin(1), telnetd(8)

                                                                      LOGIN(8)