Man Linux: Main Page and Category List

NAME

       login.krb5 - kerberos enhanced login program

SYNOPSIS

       login.krb5 [-p] [-fFe username] [-r | -k | -K | -h hostname]

DESCRIPTION

       login.krb5 is a modification of the BSD login program which is used for
       two functions.  It is the sub-process used by krlogind and  telnetd  to
       initiate  a  user  session and it is a replacement for the command-line
       login program which, when invoked with a  password,  acquires  Kerberos
       tickets for the user.

       login.krb5 will prompt for a username, or take one on the command line,
       as login.krb5 username and  will  then  prompt  for  a  password.  This
       password  will  be  used  to  acquire  Kerberos  Version  5 tickets (if
       possible.) It will also attempt to run aklog to get AFS tokens for  the
       user.  The version 5 tickets will be tested against a local krb5.keytab
       if it is available, in order to verify the tickets, before letting  the
       user  in. However, if the password matches the entry in /etc/passwd the
       user will be unconditionally allowed (permitting use of the machine  in
       case of network failure.)

OPTIONS

       -p     preserve the current environment

       -r hostname
              pass hostname to rlogind.  Must be the last argument.

       -h hostname
              pass hostname to telnetd, etc.  Must be the last argument.

       -f name
              Perform  pre-authenticated  login,  e.g.,  datakit, xterm, etc.;
              allows preauthenticated login as root.

       -F name
              Perform pre-authenticated login,  e.g.,  datakit,  xterm,  etc.;
              allows preauthenticated login as root.

       -e name
              Perform   pre-authenticated,  encrypted  login.   Must  do  term
              negotiation.

CONFIGURATION

       login.krb5 is also configured via krb5.conf using the login  stanza.  A
       collection of options dealing with initial authentication are provided:

       krb5_get_tickets
              Use password to get V5 tickets. Default value true.

       krb_run_aklog
              Attempt to run aklog. Default value false.

       aklog_path
              Where  to  find  it  [not  yet   implemented.]   Default   value
              $(prefix)/bin/aklog.

       accept_passwd
              Don’t  accept plaintext passwords [not yet implemented]. Default
              value false.

DIAGNOSTICS

       All  diagnostic  messages  are  returned  on  the  connection  or   tty
       associated with stderr.

SEE ALSO

       rlogind(8), rlogin(1), telnetd(8)

                                                                      LOGIN(8)