Logon Problems Using a .k5login File

If a user with valid credentials is prompted for a password while requesting access to a kerberized application, the .k5login file may be the cause. A .k5login file determines which principals can access the user's account. This file is required in Cybersafe environments, and in situations where the user logs on with a different name from the principal name (in such cases, the user’s home directory on the server must have a copy of the .k5login file). Try the following:

  • Verify that the .k5login file is located in the home directory of the UNIX user.

  • Verify that only the .k5login account owner has write access to the file.

  • If you’re the .k5login account owner, edit the file to ensure access to the specified principals. For example, if your principal name doesn’t match your UNIX account name, add your full principal name using the principal@realm format. Similarly, if you use the same principal name for several different realms, you must add a separate principal@realm name for each realm.