Disabling .k5login

Aleksandr Levchuk alevchuk at gmail.com
Thu Jan 7 19:35:48 EST 2010


Dear Kerberos Support,

The .k5login file in ones home directory gives user A and ability to let
other users (say user B) to log-in to the system as user A.

This could be a nice feature because users can give others
access to their account without sharing their password.

Also, ~~who logs-in as who~~ is reflected in krb5kdc.log, like this:
Jan  7 16:16:23 hostname sshd[12143]: Authorized to usera, krb5
principal userb at REALM.SMTHNG.EDU (krb5_kuserok)



I recently had a funny situation where an old user was trying to help
a new user by doing something like:
  olduser$  scp ~/.* newuser at host:

To share all the dot files.

But effectively locked-out the new user because the new user's line
got kicked out of .k5login



Is there a way to re-configure MIT Kerberos to disable the .k5login feature?

Alex

-- 
---------------------------------------------------------------
Aleksandr Levchuk
Homepage: http://biocluster.ucr.edu/~alevchuk/
Cell Phone: (951) 368-0004

Bioinformatic Systems and Databases
Lab Phone: (951) 905-5232

Institute for Integrative Genome Biology
University of California, Riverside
---------------------------------------------------------------



More information about the Kerberos mailing list