rlogin



RLOGIN(1)                                                            RLOGIN(1)




NAME

       rlogin - remote login


SYNOPSIS

       rlogin  rhost  [-ec]  [-8] [-c] [ -a] [-f] [-F] [-t termtype] [-n] [-7]
       [-PN | -PO] [-4] [-d] [-k realm] [-x] [-L] [-l username]



DESCRIPTION

       Rlogin connects your terminal on the current local host system lhost to
       the remote host system rhost.

       The version built to use Kerberos authentication is very similar to the
       standard Berkeley rlogin(1), except that instead of the  rhosts  mecha-
       nism, it uses Kerberos authentication to determine the authorization to
       use a remote account.

       Each user may have a private authorization list in a file  .k5login  in
       his  login directory.  Each line in this file should contain a Kerberos
       principal name of the form principal/instance@realm.  If the  originat-
       ing  user  is authenticated to one of the principals named in .k5login,
       access is granted to the account.  If there is no /.k5login  file,  the
       principal  will  be  granted  access  to  the  account according to the
       aname->lname mapping rules.   (See  krb5_anadd(8)  for  more  details.)
       Otherwise  a  login  and  password  will  be prompted for on the remote
       machine as in login(1).  To avoid some security problems, the  .k5login
       file must be owned by the remote user.

       If  there  is  some  problem  in marshaling the Kerberos authentication
       information, an error message is printed and the standard UCB rlogin is
       executed in place of the Kerberos rlogin.

       A line of the form ‘‘~.’’ disconnects from the remote host, where ‘‘~’’
       is the escape character.  Similarly, the line ‘‘~^Z’’ (where  ^Z,  con-
       trol-Z,  is  the  suspend  character)  will suspend the rlogin session.
       Substitution of the delayed-suspend character  (normally  ^Y)  for  the
       suspend  character  suspends the send portion of the rlogin, but allows
       output from the remote system.

       The remote terminal type is the same as your local  terminal  type  (as
       given in your environment TERM variable), unless the -t option is spec-
       ified (see below).  The terminal or window size is also copied  to  the
       remote  system  if  the server supports the option, and changes in size
       are reflected as well.

       All echoing takes place at the remote site, so that (except for delays)
       the  rlogin is transparent.  Flow control via ^S and ^Q and flushing of
       input and output on interrupts are handled properly.


OPTIONS

       -8     allows an eight-bit input data path at all times; otherwise par-
              ity  bits  are  stripped  except when the remote side’s stop and
              start characters are other than ^S/^Q.  Eight-bit  mode  is  the
              default.

       -L     allows the rlogin session to be run in litout mode.

       -ec    sets  the  escape  character to c.  There is no space separating
              this option flag and the new escape character.

       -c     require confirmation before disconnecting via ‘‘~.’’

       -a     force the remote machine to ask for a password by sending a null
              local  username.   This option has no effect unless the standard
              UCB rlogin is executed in place  of  the  Kerberos  rlogin  (see
              above).

       -f     forward a copy of the local credentials to the remote system.

       -F     forward  a  forwardable  copy  of  the  local credentials to the
              remote system.

       -t termtype
              replace the  terminal  type  passed  to  the  remote  host  with
              termtype.

       -n     prevent suspension of rlogin via ‘‘~^Z’’ or ‘‘~^Y’’.

       -7     force seven-bit transmissions.

       -d     turn  on socket debugging (via setsockopt(2)) on the TCP sockets
              used for communication with the remote host.

       -k     request rlogin to obtain tickets for the remote  host  in  realm
              realm  instead  of  the  remote  host’s  realm  as determined by
              krb_realmofhost(3).

       -x     turn on DES encryption for data passed via the  rlogin  session.
              This  applies  only to input and output streams, so the username
              is sent unencrypted.  This significantly reduces  response  time
              and significantly increases CPU utilization.

       -PN

       -PO    Explicitly  request  new or old version of the Kerberos ‘‘rcmd’’
              protocol.  The new protocol avoids many security problems  found
              in  the  old  one,  but is not interoperable with older servers.
              (An "input/output error" and a closed  connection  is  the  most
              likely  result  of  attempting  this  combination.)   If neither
              option is specified, some simple heuristics are  used  to  guess
              which to try.

       -4     Use Kerberos V4 authentication only; don’t try Kerberos V5.


SEE ALSO

       rsh(1),  kerberos(3),  krb_sendauth(3),  krb_realmofhost(3),  rlogin(1)
       [UCB version], klogind(8)


FILES

       ~/.k5login  (on remote host) - file containing Kerberos principals that
                   are allowed access.


BUGS

       More of the environment should be propagated.



                                                                     RLOGIN(1)

Man(1) output converted with man2html