|
|
CoASTaL 0.95 (Default branch)
10-02-2008
CoASTaL allows users to enter their own computer support tickets, and to add actions after to keep IT up to date. Admins can manage tickets, add actions, assign hardware to people, and assign software licenses to computers (since its installed on computers, not people). It also has a Library for keeping track of projectors, cameras, and laptops (for example). It has been in use for 5 years prior to release. |
|
LOGIN(8C) LOGIN(8C) NAME
login.krb5 - kerberos enhanced login program SYNOPSIS
login.krb5 [ -fF [username] ] DESCRIPTION
login.krb5 is a modification of the BSD login program which is used for two functions. It is the sub-process used by krlogind and telnetd to initiate a user session and it is a replacement for the command-line login program which, when invoked with a password, acquires Ker- beros tickets for the user. login.krb5 will prompt for a username, or take one on the command line, as login.krb5 username and will then prompt for a password. This password will be used to acquire Kerberos Version 5 tickets and Kerberos Version 4 tickets (if possible.) It will also attempt to run aklog to get AFS tokens for the user. The version 5 tickets will be tested against a local krb5.keytab if it is available, in order to verify the tickets, before letting the user in. However, if the password matches the entry in /etc/passwd the user will be unconditionally allowed (permitting use of the machine in case of network failure.) OPTIONS
-r hostname pass hostname to rlogind. -h hostname pass hostname to telnetd, etc. -f name Perform pre-authenticated login, e.g., datakit, xterm, etc.; allow preauthenticated login as root. -F name Perform pre-authenticated login, e.g.,for datakit, xterm, etc.; allows preauthenticated login as root. -e name Perform pre-authenticated, encrypted login. Must do term negotiation. CONFIGURATION
login.krb5 is also configured via krb5.conf using the login stanza. A collection of options dealing with initial authentication are pro- vided: krb5_get_tickets Use password to get V5 tickets. Default value true. krb4_get_tickets Use password to get V4 tickets. Default value true. krb4_convert Use Kerberos conversion daemon to get V4 tickets. Default value false. If false, and krb4_get_tickets is true, then login will get the V5 tickets directly using the Kerberos V4 protocol directly. This does not currently work with non MIT-V4 salt types (such as the AFS3 salt type.) Note that if configuration parameter is true, and the krb524d is not running, login will hang for approxi- mately a minute under Solaris, due to a Solaris socket emulation bug. krb_run_aklog Attempt to run aklog. Default value true. aklog_path Where to find it [not yet implemented.] Default value $(prefix)/bin/aklog. accept_passwd Don't accept plaintext passwords [not yet implemented]. Default value false. DIAGNOSTICS
All diagnostic messages are returned on the connection or tty associated with stderr. SEE ALSO
rlogind(8C), rlogin(1C), telnetd(8c) BUGS
Should use a config file to select use of V5, V4, and AFS, as well as policy for startup. LOGIN(8C)