Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   7435 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

LOGIN(8)							      LOGIN(8)

NAME
       login.krb5 - kerberos enhanced login program

SYNOPSIS
       login.krb5 [-p] [-fFe username] [-r | -k | -K | -h hostname]

DESCRIPTION
       login.krb5 is a modification of the BSD login program which is used for
       two functions.  It is the sub-process used by krlogind and  telnetd  to
       initiate	 a  user  session and it is a replacement for the command-line
       login program which, when invoked with a	 password,  acquires  Kerberos
       tickets for the user.

       login.krb5 will prompt for a username, or take one on the command line,
       as login.krb5 username and will then prompt for a password. This	 pass‐
       word  will  be  used to acquire Kerberos Version 5 tickets and Kerberos
       Version 4 tickets (if possible.) It will also attempt to run  aklog  to
       get  AFS	 tokens	 for  the  user.  The version 5 tickets will be tested
       against a local krb5.keytab if it is available, in order to verify  the
       tickets,	 before	 letting the user in. However, if the password matches
       the entry in /etc/passwd the user will be unconditionally allowed (per‐
       mitting use of the machine in case of network failure.)

OPTIONS
       -p     preserve the current environment

       -r hostname
	      pass hostname to rlogind.	 Must be the last argument.

       -h hostname
	      pass hostname to telnetd, etc.  Must be the last argument.

       -k hostname
	      Use Kerberos V4 to login.	 Must be the last argument.

       -K hostname
	      Use Kerberos V4 to login.	 Must be the last argument.

       -f name
	      Perform  pre-authenticated  login,  e.g.,	 datakit, xterm, etc.;
	      allows preauthenticated login as root.

       -F name
	      Perform pre-authenticated login,	e.g.,  datakit,	 xterm,	 etc.;
	      allows preauthenticated login as root.

       -e name
	      Perform  pre-authenticated, encrypted login.  Must do term nego‐
	      tiation.

CONFIGURATION
       login.krb5 is also configured via krb5.conf using the login  stanza.  A
       collection of options dealing with initial authentication are provided:

       krb5_get_tickets
	      Use password to get V5 tickets. Default value true.

       krb4_get_tickets
	      Use password to get V4 tickets. Default value false.

       krb4_convert
	      Use  Kerberos conversion daemon to get V4 tickets. Default value
	      false. If false, and krb4_get_tickets is true, then  login  will
	      get  the	V5  tickets  directly  using  the Kerberos V4 protocol
	      directly.	 This does not currently work  with  non  MIT-V4  salt
	      types  (such as the AFS3 salt type.)  Note that if configuration
	      parameter is true, and the krb524d is not	 running,  login  will
	      hang for approximately a minute  under Solaris, due to a Solaris
	      socket emulation bug.

       krb_run_aklog
	      Attempt to run aklog. Default value false.

       aklog_path
	      Where to find it [not yet	 implemented.]	Default	 value	$(pre‐
	      fix)/bin/aklog.

       accept_passwd
	      Don't  accept plaintext passwords [not yet implemented]. Default
	      value false.

DIAGNOSTICS
       All diagnostic messages are returned on the connection or  tty  associ‐
       ated with stderr.

SEE ALSO
       rlogind(8), rlogin(1), telnetd(8)

BUGS
       Should  use  a config file to select use of V5, V4, and AFS, as well as
       policy for startup.

								      LOGIN(8)

Vote for polarhome