Kerberos Authentication and klogin

After you have created a principal for klogin

(klogin/[email protected]) and updated the keytab files for all hosts involved, you can configure your host to allow others to access your home directory without divulging your account password. All you need to do is create a hidden file named .k5login in your home directory.The leading dot (.) makes the file hidden.You must then enter the principal of the user whom you wish to allow access. This user must, of course, be defined on the KDC, and the host from which the user is contacting you from must have an updated keytab file, which contains the host and host daemon name for krlogin.

If you wish to add multiple principals to the .k5login file, you can do so by entering each principal on a separate line, as follows:

[email protected] [email protected]

These two entries make it possible for patrick and susan to access only the home directory (the home directory of the system that contains the .k5login file) , and no other area on your machine or any other area on the network. Should you then wish to revoke access to your home directory, simply edit the .k5login file and remove the relevant entry.

Was this article helpful?

0 0

Post a comment