Provided by: krb5-doc_1.13.2+dfsg-5ubuntu2.2_all 
NAME
k5login - Kerberos V5 acl file for host access
DESCRIPTION
The .k5login file, which resides in a user's home directory, contains a list of the
Kerberos principals. Anyone with valid tickets for a principal in the file is allowed
host access with the UID of the user in whose home directory the file resides. One common
use is to place a .k5login file in root's home directory, thereby granting system
administrators remote root access to the host via Kerberos.
EXAMPLES
Suppose the user alice had a .k5login file in her home directory containing just the
following line:
bob@FOOBAR.ORG
This would allow bob to use Kerberos network applications, such as ssh(1), to access
alice's account, using bob's Kerberos tickets. In a default configuration (with
k5login_authoritative set to true in krb5.conf(5)), this .k5login file would not let alice
use those network applications to access her account, since she is not listed! With no
.k5login file, or with k5login_authoritative set to false, a default rule would permit the
principal alice in the machine's default realm to access the alice account.
Let us further suppose that alice is a system administrator. Alice and the other system
administrators would have their principals in root's .k5login file on each host:
alice@BLEEP.COM
joeadmin/root@BLEEP.COM
This would allow either system administrator to log in to these hosts using their Kerberos
tickets instead of having to type the root password. Note that because bob retains the
Kerberos tickets for his own principal, bob@FOOBAR.ORG, he would not have any of the
privileges that require alice's tickets, such as root access to any of the site's hosts,
or the ability to change alice's password.
SEE ALSO
kerberos(1)
AUTHOR
MIT
COPYRIGHT
1985-2015, MIT