[31888] in Kerberos
Disabling .k5login
daemon@ATHENA.MIT.EDU (Aleksandr Levchuk)
Thu Jan 7 19:35:59 2010
MIME-Version: 1.0
Date: Thu, 7 Jan 2010 16:35:48 -0800
Message-ID: <a39d6f081001071635u5111b103g22338d8194dd6f83@mail.gmail.com>
From: Aleksandr Levchuk <alevchuk@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Dear Kerberos Support,
The .k5login file in ones home directory gives user A and ability to let
other users (say user B) to log-in to the system as user A.
This could be a nice feature because users can give others
access to their account without sharing their password.
Also, ~~who logs-in as who~~ is reflected in krb5kdc.log, like this:
Jan 7 16:16:23 hostname sshd[12143]: Authorized to usera, krb5
principal userb@REALM.SMTHNG.EDU (krb5_kuserok)
I recently had a funny situation where an old user was trying to help
a new user by doing something like:
olduser$ scp ~/.* newuser@host:
To share all the dot files.
But effectively locked-out the new user because the new user's line
got kicked out of .k5login
Is there a way to re-configure MIT Kerberos to disable the .k5login feature?
Alex
--
---------------------------------------------------------------
Aleksandr Levchuk
Homepage: http://biocluster.ucr.edu/~alevchuk/
Cell Phone: (951) 368-0004
Bioinformatic Systems and Databases
Lab Phone: (951) 905-5232
Institute for Integrative Genome Biology
University of California, Riverside
---------------------------------------------------------------
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
