kredentials(1) General Commands Manual kredentials(1)NAME
kredentials - KDE system tray applet to monitor and update authentication tokens
DESCRIPTION
Kredentials monitors the state of the user's Kerberos and AFS authentication tokens. It renews Kerberos tickets every hour up to the maxi-
mum renewable lifetime of the tickets and informs the user when the renewable lifetime is reached. Each time Kerberos tickets are
obtained, aklog(1) is run to obtain new AFS tokens.
OPTIONS
-i|--inform
Inform the user via a KDE "passive dialog" each time tickets are renewed.
-d|--disable-aklog
Don't run aklog to get new AFS tokens when renewing Kerberos creds.
BUGS
There aren't really any major bugs, but the feature list can and should be expanded. The command line options should be migrated to GUI-
configurable settings. The ticket renewal interval should be user-configurable.
AUTHOR
Kredentials was written by Noah Meyerhans <noahm@csail.mit.edu> for The Infrastructure Group at the Massachusetts Institute of Technology
Computer Science and Artificial Intelligence Lab. Please report any problems to noahm@csail.mit.edu
CSAIL User's Guide 2004-08-29 kredentials(1)
Check Out this Related Man Page
LOGIN(8) System Manager's Manual LOGIN(8)NAME
login.krb5 - kerberos enhanced login program
SYNOPSIS
login.krb5 [-p] [-fFe username] [-r | -k | -K | -h hostname]
DESCRIPTION
login.krb5 is a modification of the BSD login program which is used for two functions. It is the sub-process used by krlogind and telnetd
to initiate a user session and it is a replacement for the command-line login program which, when invoked with a password, acquires Ker-
beros tickets for the user.
login.krb5 will prompt for a username, or take one on the command line, as login.krb5 username and will then prompt for a password. This
password will be used to acquire Kerberos Version 5 tickets (if possible.) It will also attempt to run aklog to get AFS tokens for the
user. The version 5 tickets will be tested against a local krb5.keytab if it is available, in order to verify the tickets, before letting
the user in. However, if the password matches the entry in /etc/passwd the user will be unconditionally allowed (permitting use of the
machine in case of network failure.)
OPTIONS -p preserve the current environment
-r hostname
pass hostname to rlogind. Must be the last argument.
-h hostname
pass hostname to telnetd, etc. Must be the last argument.
-f name
Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.
-F name
Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.
-e name
Perform pre-authenticated, encrypted login. Must do term negotiation.
CONFIGURATION
login.krb5 is also configured via krb5.conf using the login stanza. A collection of options dealing with initial authentication are pro-
vided:
krb5_get_tickets
Use password to get V5 tickets. Default value true.
krb_run_aklog
Attempt to run aklog. Default value false.
aklog_path
Where to find it [not yet implemented.] Default value $(prefix)/bin/aklog.
accept_passwd
Don't accept plaintext passwords [not yet implemented]. Default value false.
DIAGNOSTICS
All diagnostic messages are returned on the connection or tty associated with stderr.
SEE ALSO rlogind(8), rlogin(1), telnetd(8)LOGIN(8)