OpenBSD manual page server

Manual Page Search Parameters

LOGIN_KRB5(8) System Manager's Manual LOGIN_KRB5(8)

login_krb5provide KerberosV authentication type

login_krb5 [-s service] [-v login=yes|no] [-v notickets=yes|no] [-v invokinguser=useruser [class]

The login_krb5 utility implements the KerberosV authentication mechanism. It is called by login(1), su(1), ftpd(8), and others to authenticate the user with KerberosV.

The user argument is the user's name to be authenticated.

The service argument specifies which protocol to use with the invoking program. The allowed protocols are , challenge, and . (The challenge protocol is silently ignored but will report success as KerberosV authentication is not challenge-response based).

If invokinguser is set and the user argument is root, the principal invokinguser/root will be used for authentication.

If the notickets argument is equal to “no”, the default value, and the login argument is equal to “yes”, then the ticket will be saved in a credentials cache.

The class argument is ignored for compatibility with other login scripts.

login_krb5 will prompt the user for a password and report back to the invoking program whether or not the authentication was successful.

The login_krb5 utility uses the following krb5-specific /etc/login.conf variables:

krb5-noverify bool Failure to verify credentials against a local key is not considered a fatal error.

/etc/login.conf
login configuration database

login(1), passwd(1), su(1), login.conf(5), ftpd(8), kerberos(8), login_krb5-or-pwd(8)

June 1, 2012 OpenBSD-5.3