Rechercher une page de manuel
login.krb5
Langue: en
Version: 364032 (ubuntu - 25/10/10)
Section: 8 (Commandes administrateur)
NAME
login.krb5 - kerberos enhanced login programSYNOPSIS
login.krb5 [-p] [-fFe username] [-r | -k | -K | -h hostname]DESCRIPTION
login.krb5 is a modification of the BSD login program which is used for two functions. It is the sub-process used by krlogind and telnetd to initiate a user session and it is a replacement for the command-line login program which, when invoked with a password, acquires Kerberos tickets for the user.login.krb5 will prompt for a username, or take one on the command line, as login.krb5 username and will then prompt for a password. This password will be used to acquire Kerberos Version 5 tickets (if possible.) It will also attempt to run aklog to get AFS tokens for the user. The version 5 tickets will be tested against a local krb5.keytab if it is available, in order to verify the tickets, before letting the user in. However, if the password matches the entry in /etc/passwd the user will be unconditionally allowed (permitting use of the machine in case of network failure.)
OPTIONS
- -p
- preserve the current environment
- -r hostname
- pass hostname to rlogind. Must be the last argument.
- -h hostname
- pass hostname to telnetd, etc. Must be the last argument.
- -f name
- Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.
- -F name
- Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.
- -e name
- Perform pre-authenticated, encrypted login. Must do term negotiation.
CONFIGURATION
login.krb5 is also configured via krb5.conf using the login stanza. A collection of options dealing with initial authentication are provided:- krb5_get_tickets
- Use password to get V5 tickets. Default value true.
- krb_run_aklog
- Attempt to run aklog. Default value false.
- aklog_path
- Where to find it [not yet implemented.] Default value $(prefix)/bin/aklog.
- accept_passwd
- Don't accept plaintext passwords [not yet implemented]. Default value false.
DIAGNOSTICS
All diagnostic messages are returned on the connection or tty associated with stderr.SEE ALSO
rlogind(8), rlogin(1), telnetd(8)Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre