{"id":4644,"date":"2022-12-20T18:09:26","date_gmt":"2022-12-20T21:09:26","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/k5login-man5\/"},"modified":"2022-12-20T18:09:26","modified_gmt":"2022-12-20T21:09:26","slug":"k5login-man5","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/k5login-man5\/","title":{"rendered":"K5LOGIN (man5)"},"content":{"rendered":"

K5LOGIN<\/h1>\n

NAME<\/a>
DESCRIPTION<\/a>
EXAMPLES<\/a>
SEE ALSO<\/a>
AUTHOR<\/a>
COPYRIGHT<\/a> <\/p>\n

\n

NAME <\/a> <\/h2>\n

k5login \u2212 Kerberos V5 acl file for host access<\/p>\n

DESCRIPTION <\/a> <\/h2>\n

The .k5login file, which resides in a user’s home directory, contains a list of the Kerberos principals. Anyone with valid tickets for a principal in the file is allowed host access with the UID of the user in whose home directory the file resides. One common use is to place a .k5login file in root’s home directory, thereby granting system administrators remote root access to the host via Kerberos.<\/p>\n

EXAMPLES <\/a> <\/h2>\n

Suppose the user alice<\/b> had a .k5login file in her home directory containing just the following line:<\/p>\n

bob@FOOBAR.ORG<\/pre>\n
This would allow bob<\/b> to use Kerberos network applications, such as ssh(1), to access alice<\/b>‘s account, using bob<\/b>‘s Kerberos tickets. In a default configuration (with k5login_authoritative<\/b> set to true in krb5.conf(5)), this .k5login file would not let alice<\/b> use those network applications to access her account, since she is not listed! With no .k5login file, or with k5login_authoritative<\/b> set to false, a default rule would permit the principal alice<\/b> in the machine’s default realm to access the alice<\/b> account.<\/p>\n
Let us further suppose that alice<\/b> is a system administrator. Alice and the other system administrators would have their principals in root’s .k5login file on each host:<\/p>\n
alice@BLEEP.COM joeadmin\/root@BLEEP.COM<\/pre>\n
This would allow either system administrator to log in to these hosts using their Kerberos tickets instead of having to type the root password. Note that because bob<\/b> retains the Kerberos tickets for his own principal, bob@FOOBAR.ORG<\/b>, he would not have any of the privileges that require alice<\/b>‘s tickets, such as root access to any of the site’s hosts, or the ability to change alice<\/b>‘s password.<\/p>\n
SEE ALSO <\/a> <\/h2>\n
kerberos(1)<\/p>\n
AUTHOR <\/a> <\/h2>\n
MIT<\/p>\n
COPYRIGHT <\/a> <\/h2>\n
1985-2020, MIT<\/p>\n
\n","protected":false},"excerpt":{"rendered":"
  k5login \u2212 Kerberos V5 acl file for host access <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[959],"tags":[961,1581,1291],"class_list":["post-4644","post","type-post","status-publish","format-standard","hentry","category-5-formatos-de-ficheros","tag-961","tag-k5login","tag-man5"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4644","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=4644"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4644\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=4644"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=4644"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=4644"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}