K5LOGIN(5) MIT Kerberos K5LOGIN(5)NAMEk5login - Kerberos V5 acl file for host access
The .k5login file, which resides in a user's home directory, contains a
list of the Kerberos principals. Anyone with valid tickets for a prin‐
cipal in the file is allowed host access with the UID of the user in
whose home directory the file resides. One common use is to place a
.k5login file in root's home directory, thereby granting system admin‐
istrators remote root access to the host via Kerberos.
Suppose the user alice had a .k5login file in her home directory con‐
taining the following line:
This would allow bob to use Kerberos network applications, such as
ssh(1), to access alice's account, using bob's Kerberos tickets.
Let us further suppose that alice is a system administrator. Alice and
the other system administrators would have their principals in root's
.k5login file on each host:
This would allow either system administrator to log in to these hosts
using their Kerberos tickets instead of having to type the root pass‐
word. Note that because bob retains the Kerberos tickets for his own
principal, bob@FOOBAR.ORG, he would not have any of the privileges that
require alice's tickets, such as root access to any of the site's
hosts, or the ability to change alice's password.