.k5users and app's other than ksu

Tillman Hodgson tillman at seekingfire.com
Wed Apr 14 20:14:29 EDT 2004


Howdy folks,

I've run across a situation where a nice solution would involve using
~/.k5users rather than .k5login to limit remote rsh abilities. ~/.k5users
is a tool that I've read about but never used before.

It's always struck me as odd that .k5login has it's own man page while
.k5users is covered in the ksu man page. Then it occurred to me that
.k5users might only be referenced by ksu.  That would be unfortunate as
I was hoping that kshd also used it. An initial read of krshd.c seems to
confirm that, as it says only:

 * This is the rshell daemon. The very basic protocol for checking
 * authentication and authorization is:
 * 1) Check authentication.
 * 2) Check authorization via the access-control files:
 *    ~/.k5login (using krb5_kuserok) and/or
 * Execute command if configured authoriztion checks pass, else deny
 * permission.

Would somebody please confirm that rsh doesn't use .k5users?

Many thanks,

-T


-- 
Knowing others is intelligence. Knowing yourself is true wisdom.
	- Lao Tse


More information about the Kerberos mailing list