Provided by: krb5-rsh-server_1.0.1-1_amd64 bug

NAME

       login.krb5 - kerberos enhanced login program

SYNOPSIS

       login.krb5 [-p] [-fFe username] [-r | -k | -K | -h hostname]

DESCRIPTION

       login.krb5 is a modification of the BSD login program which is used for two functions.  It
       is the sub-process used by krlogind and telnetd to initiate a user session  and  it  is  a
       replacement  for  the  command-line  login  program  which,  when invoked with a password,
       acquires Kerberos tickets for the user.

       login.krb5 will prompt for a username, or take one on  the  command  line,  as  login.krb5
       username  and  will  then  prompt  for  a  password. This password will be used to acquire
       Kerberos Version 5 tickets (if possible.) It will also attempt to run  aklog  to  get  AFS
       tokens  for  the user. The version 5 tickets will be tested against a local krb5.keytab if
       it is available, in order to verify the tickets, before letting the user in.  However,  if
       the  password  matches  the  entry in /etc/passwd the user will be unconditionally allowed
       (permitting use of the machine in case of network failure.)

OPTIONS

       -p     preserve the current environment

       -r hostname
              pass hostname to rlogind.  Must be the last argument.

       -h hostname
              pass hostname to telnetd, etc.  Must be the last argument.

       -f name
              Perform   pre-authenticated   login,   e.g.,   datakit,   xterm,    etc.;    allows
              preauthenticated login as root.

       -F name
              Perform    pre-authenticated    login,   e.g.,   datakit,   xterm,   etc.;   allows
              preauthenticated login as root.

       -e name
              Perform pre-authenticated, encrypted login.  Must do term negotiation.

CONFIGURATION

       login.krb5 is also configured via krb5.conf  using  the  login  stanza.  A  collection  of
       options dealing with initial authentication are provided:

       krb5_get_tickets
              Use password to get V5 tickets. Default value true.

       krb_run_aklog
              Attempt to run aklog. Default value false.

       aklog_path
              Where to find it [not yet implemented.] Default value $(prefix)/bin/aklog.

       accept_passwd
              Don't accept plaintext passwords [not yet implemented]. Default value false.

DIAGNOSTICS

       All diagnostic messages are returned on the connection or tty associated with stderr.

SEE ALSO

       rlogind(8), rlogin(1), telnetd(8)

                                                                                         LOGIN(8)