k5login(8sec)
Contains names of Kerberos principals allowed to access the host with the user ID of the .k5login file owner
Description
The .k5login file, which resides in a user's home directory, contains a list of Kerberos principals. Any of the listed principals with valid Kerberos tickets are allowed host access with the user ID of the user in whose home directory the file resides. One common use of the .k5login file is to grant system administrators remote root access to the host via Kerberos by placing the file in root's home directory.
Examples
Suppose the user janedoe has a .k5login file that contains the following lines in her home directory:
johndoe@FUBAR.ORG
This line allows the user johndoe@FUBAR.ORG to use Kerberos network applications, such as rlogin(8sec) and rsh(8sec), and to access janedoe's account using his own Kerberos tickets. Note that because johndoe retains his own Kerberos tickets, he does not have any privileges that require janedoe's tickets, such as root access to any of her site's hosts, or the ability to change her password.
Suppose janedoe and joeadmin are system administrators. If they are listed in root's .k5login file on each host, they can log in to the hosts using their Kerberos tickets instead of having to type the root password.
Related Information
Commands: