Disabling .k5login
Aleksandr Levchuk
alevchuk at gmail.com
Thu Jan 7 19:35:48 EST 2010
Dear Kerberos Support,
The .k5login file in ones home directory gives user A and ability to let
other users (say user B) to log-in to the system as user A.
This could be a nice feature because users can give others
access to their account without sharing their password.
Also, ~~who logs-in as who~~ is reflected in krb5kdc.log, like this:
Jan 7 16:16:23 hostname sshd[12143]: Authorized to usera, krb5
principal userb at REALM.SMTHNG.EDU (krb5_kuserok)
I recently had a funny situation where an old user was trying to help
a new user by doing something like:
olduser$ scp ~/.* newuser at host:
To share all the dot files.
But effectively locked-out the new user because the new user's line
got kicked out of .k5login
Is there a way to re-configure MIT Kerberos to disable the .k5login feature?
Alex
--
---------------------------------------------------------------
Aleksandr Levchuk
Homepage: http://biocluster.ucr.edu/~alevchuk/
Cell Phone: (951) 368-0004
Bioinformatic Systems and Databases
Lab Phone: (951) 905-5232
Institute for Integrative Genome Biology
University of California, Riverside
---------------------------------------------------------------
More information about the Kerberos
mailing list