login man page by mark eichin

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7864 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index fab67cb030a018ce971cc9c7b58dcbef31ba59fc..93148ff5b1384b6c4571c28404f72c6c447cbd8f 100644 (file)
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -4,6 +4,11 @@ Mon Apr 29 17:02:44 1996  Ken Raeburn  <raeburn@cygnus.com>
        check for failures.
        * kshd.M, klogind.M: Renamed from kr*.M versions.
 
+       Wed Sep 13 23:19:17 1995  Mark Eichin  <eichin@cygnus.com>
+
+       * login.M: New file. Man page for login with some description of
+       new features.
+
 Sun Apr 21 12:52:35 1996  Richard Basch  <basch@lehman.com>
 
        * krshd.c: If checksumming is required & ALWAYS_V5_KUSEROK is

diff --git a/src/appl/bsd/login.M b/src/appl/bsd/login.M
new file mode 100644 (file)
index 0000000..222abab
--- /dev/null
+++ b/src/appl/bsd/login.M
@@ -0,0 +1,65 @@
+.\"    login.1
+.\"
+.TH LOGIN 8C "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+login \- kerberos enhanced login program
+.SH SYNOPSIS
+.B /sbin/login.krb5
+[
+.B \-fF [username]
+]
+.SH DESCRIPTION
+.I login
+is a modification of the BSD login program which is used for two functions.
+It is the sub-process used by krlogind and telnetd to initiate a user session
+and it is a replacement for the command-line login program which, when 
+invoked with a password, acquires Kerberos tickets for the user.
+.PP
+.I login 
+will prompt for a username, or take one on the command line, as
+.I login username
+and will then prompt for a password. This password will be used to acquire
+Kerberos Version 5 tickets and Kerberos Version 4 tickets (if
+possible.) It will also attempt to run 
+.I aklog
+to get \fIAFS\fP tokens for the user. The version 5 tickets will be
+tested against a local 
+.I v5srvtab
+if it is available, in order to verify the tickets, before letting the
+user in. However, if the password matches the entry in
+\fI/etc/passwd\fP the user will be unconditionally allowed (permitting
+use of the machine in case of network failure.)
+.PP
+.I login
+is also configured via 
+.I krb5.conf
+using the
+.I \[login\]
+stanza. A collection of options dealing with initial authentication are
+provided:
+.IP krb5_get_tickets
+Use password to get V5 tickets. Default value true.
+.IP krb4_get_tickets
+Use password to get V4 tickets. Default value true.
+.IP krb4_convert
+Use Kerberos conversion daemon to get V4 tickets. Default value
+true. If false, gets initial ticket directly, which does not currently
+work with non MIT-V4 salt types (such as the AFS3 salt type.)
+.IP krb_run_aklog
+Attempt to run aklog. Default value true.
+.IP aklog_path
+Where to find it [not yet implemented.] Default value 
+.I $(prefix)/bin/aklog.
+.IP accept_passwd = 0
+Don't accept plaintext passwords [not yet implemented]. Default value false.
+
+.SH DIAGNOSTICS
+All diagnostic messages are returned on the connection or tty
+associated with
+.BR stderr.
+.PP
+.SH SEE ALSO
+rlogind(8C), rlogin(1C), telnetd(8c)
+.SH BUGS
+Should use a config file to select use of V5, V4, and AFS, as well as
+policy for startup.