.K5LOGIN(5) UNIX System V .K5LOGIN(5)
NAME
DESCRIPTION
The .k5login file, which resides in a user's home directory,
contains a list of the Kerberos principals. Anyone with
valid tickets for a principal in the file is allowed host
access with the UID of the user in whose home directory the
file resides. One common use is to place a .k5login file in
root's home directory, thereby granting system
administrators remote root access to the host via Kerberos.
EXAMPLES
Suppose the user "janedoe" had a .k5login file in her home
directory containing the following line:
johndoe@FUBAR.ORG
This would allow her husband "johndoe" to use any of the
Kerberos network applications, such as telnet(1), rlogin(1),
rsh(1), and rcp(1), to access her account, using his own
Kerberos tickets.
Let us further suppose that "janedoe" is a system
administrator. She and the other system administrators
would have their principals in root's .k5login file on each
host:
janedoe@BLEEP.COM
joeadmin/root@BLEEP.COM
This would allow either system administrator to log in to
these hosts using their Kerberos tickets instead of having
to type the root password. Note that because "janedoe"'s
husband retains the Kerberos tickets for his own principal,
"johndoe@FUBAR.ORG", he would not have any of the privileges
that require his wife's tickets, such as root access to any
of her site's hosts, or the ability to change her password.
SEE ALSO
telnet(1), rlogin(1), rsh(1), rcp(1), ksu(1), telnetd(8),
klogind(8)
Page 1 (printed 4/3/05)