login.krb5(8c) redhat man page | unix.com

Redhat Man Pages Latest Topics

Man Page: login.krb5

Operating Environment: redhat

Section: 8c

LOGIN(8C)																 LOGIN(8C)


NAME

       login.krb5 - kerberos enhanced login program


SYNOPSIS

       login.krb5 [ -fF [username] ]


DESCRIPTION

       login.krb5  is a modification of the BSD login program which is used for two functions.	It is the sub-process used by krlogind and telnetd
       to initiate a user session and it is a replacement for the command-line login program which, when invoked with a  password,  acquires  Ker-
       beros tickets for the user.

       login.krb5  will  prompt  for a username, or take one on the command line, as login.krb5 username and will then prompt for a password. This
       password will be used to acquire Kerberos Version 5 tickets and Kerberos Version 4 tickets (if possible.) It will also attempt to run aklog
       to get AFS tokens for the user. The version 5 tickets will be tested against a local krb5.keytab if it is available, in order to verify the
       tickets, before letting the user in. However, if the password matches the entry in /etc/passwd the user	will  be  unconditionally  allowed
       (permitting use of the machine in case of network failure.)


OPTIONS

       -r hostname
	      pass hostname to rlogind.

       -h hostname
	      pass hostname to telnetd, etc.

       -f name
	      Perform pre-authenticated login, e.g., datakit, xterm, etc.; allow preauthenticated login as root.

       -F name
	      Perform pre-authenticated login, e.g.,for datakit, xterm, etc.; allows preauthenticated login as root.

       -e name
	      Perform pre-authenticated, encrypted login.  Must do term negotiation.


CONFIGURATION

       login.krb5  is  also  configured via krb5.conf using the login stanza. A collection of options dealing with initial authentication are pro-
       vided:

       krb5_get_tickets
	      Use password to get V5 tickets. Default value true.

       krb4_get_tickets
	      Use password to get V4 tickets. Default value true.

       krb4_convert
	      Use Kerberos conversion daemon to get V4 tickets. Default value false. If false, and krb4_get_tickets is true, then login  will  get
	      the  V5  tickets directly using the Kerberos V4 protocol directly.  This does not currently work with non MIT-V4 salt types (such as
	      the AFS3 salt type.)  Note that if configuration parameter is true, and the krb524d is not running, login  will  hang  for  approxi-
	      mately a minute  under Solaris, due to a Solaris socket emulation bug.

       krb_run_aklog
	      Attempt to run aklog. Default value true.

       aklog_path
	      Where to find it [not yet implemented.] Default value $(prefix)/bin/aklog.

       accept_passwd
	      Don't accept plaintext passwords [not yet implemented]. Default value false.


DIAGNOSTICS

       All diagnostic messages are returned on the connection or tty associated with stderr.


SEE ALSO

       rlogind(8C), rlogin(1C), telnetd(8c)


BUGS

       Should use a config file to select use of V5, V4, and AFS, as well as policy for startup.

																	 LOGIN(8C)
Related Man Pages
kinit(8krb) - ultrix
login.krb5(8c) - redhat
login.krb5(8) - linux
login.krb5(8) - plan9
login.krb5(8) - v7
Similar Topics in the Unix Linux Community
LDAP/Kerberos Issue
How to Create Banner/Login Messages in Solaris.
How to show hostname infor after login
Encrypting the login password on Solaris 10
Need to find user login name with their First name and last name