mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-20 04:02:27 +00:00
6108625cb9
now makes use of login.conf and login.access. This is performed by using FreeBSD login(1) instead of MIT KRB5 login.krb5(8). The MIT KRB5 login.krb5(8) can still be used by specifying "-L" in the klogind and telnetd arguments in inetd.conf. This is documented in a new file called README.FreeBSD. Reviewed by: nectar
33 lines
1.6 KiB
Plaintext
33 lines
1.6 KiB
Plaintext
The MIT KRB5 port provides its own login program at
|
|
${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of
|
|
the FreeBSD login.conf and login.access files that provide a means of
|
|
setting up and controlling sessions under FreeBSD. To overcome this,
|
|
the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide
|
|
interactive login password authentication instead of the login.krb5
|
|
program provided by MIT KRB5. The FreeBSD /usr/bin/login program does
|
|
not have support for Kerberos V password authentication,
|
|
e.g. authentication at the console. The pam_krb5 port must be used to
|
|
provide Kerberos V password authentication.
|
|
|
|
For more information about pam_krb5, please see pam(8) and pam_krb5(8).
|
|
|
|
If you wish to use login.krb5 that is provided by the MIT KRB5 port,
|
|
the arguments "-L ${PREFIX}/sbin/login.krb5" must be
|
|
specified as arguments to klogind and KRB5 telnetd, e.g.
|
|
|
|
klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5
|
|
eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5
|
|
telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5
|
|
|
|
Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead
|
|
of the FreeBSD provided /usr/bin/login for local tty logins,
|
|
"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g.,
|
|
|
|
default:\
|
|
:cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
|
|
:if=/etc/issue:\
|
|
:lo=${PREFIX}/sbin/login.krb5:
|
|
|
|
It is recommended that the FreeBSD /usr/bin/login be used with the
|
|
pam_krb5 port instead of the MIT KRB5 provided login.krb5.
|