1.K5LOGIN(5) File Formats Manual .K5LOGIN(5)
2
3
4
6 .k5login - Kerberos V5 acl file for host access.
7
9 The .k5login file, which resides in a user's home directory, contains a
10 list of the Kerberos principals. Anyone with valid tickets for a prin‐
11 cipal in the file is allowed host access with the UID of the user in
12 whose home directory the file resides. One common use is to place a
13 .k5login file in root's home directory, thereby granting system admin‐
14 istrators remote root access to the host via Kerberos.
15
17 Suppose the user "janedoe" had a .k5login file in her home directory
18 containing the following line:
19
20 johndoe@FUBAR.ORG
21
22 This would allow her husband "johndoe" to use any of the Kerberos net‐
23 work applications, such as telnet(1), rlogin(1), rsh(1), and rcp(1), to
24 access her account, using his own Kerberos tickets.
25
26 Let us further suppose that "janedoe" is a system administrator. She
27 and the other system administrators would have their principals in
28 root's .k5login file on each host:
29
30 janedoe@BLEEP.COM
31 joeadmin/root@BLEEP.COM
32
33 This would allow either system administrator to log in to these hosts
34 using their Kerberos tickets instead of having to type the root pass‐
35 word. Note that because "janedoe"'s husband retains the Kerberos tick‐
36 ets for his own principal, "johndoe@FUBAR.ORG", he would not have any
37 of the privileges that require his wife's tickets, such as root access
38 to any of her site's hosts, or the ability to change her password.
39
41 telnet(1), rlogin(1), rsh(1), rcp(1), ksu(1), telnetd(8), klogind(8)
42
43
44
45 .K5LOGIN(5)