Man Linux: Main Page and Category List

NAME

       rlogin - remote login

SYNOPSIS

       rlogin  rhost  [-ec]  [-8] [-c] [ -a] [-f] [-F] [-t termtype] [-n] [-7]
       [-PN | -PO] [-d] [-k realm] [-x] [-L] [-l username]

DESCRIPTION

       Rlogin connects your terminal on the current local host system lhost to
       the remote host system rhost.

       The version built to use Kerberos authentication is very similar to the
       standard  Berkeley  rlogin(1),  except  that  instead  of  the   rhosts
       mechanism,   it   uses   Kerberos   authentication   to  determine  the
       authorization to use a remote account.

       Each user may have a private authorization list in a file  .k5login  in
       his  login directory.  Each line in this file should contain a Kerberos
       principal  name  of  the   form   principal/instance@realm.    If   the
       originating  user  is  authenticated  to one of the principals named in
       .k5login, access is granted to the account.  If there is  no  /.k5login
       file,  the principal will be granted access to the account according to
       the aname->lname mapping rules.  (See krb5_anadd(8) for more  details.)
       Otherwise  a  login  and  password  will  be prompted for on the remote
       machine as in login(1).  To avoid some security problems, the  .k5login
       file must be owned by the remote user.

       If  there  is  some  problem  in marshaling the Kerberos authentication
       information, an error message is printed and the standard UCB rlogin is
       executed in place of the Kerberos rlogin.

       A line of the form ‘‘~.’’ disconnects from the remote host, where ‘‘~’’
       is the escape  character.   Similarly,  the  line  ‘‘~^Z’’  (where  ^Z,
       control-Z,  is  the suspend character) will suspend the rlogin session.
       Substitution of the delayed-suspend character  (normally  ^Y)  for  the
       suspend  character  suspends the send portion of the rlogin, but allows
       output from the remote system.

       The remote terminal type is the same as your local  terminal  type  (as
       given  in  your  environment  TERM  variable),  unless the -t option is
       specified (see below).  The terminal or window size is also  copied  to
       the  remote  system  if  the server supports the option, and changes in
       size are reflected as well.

       All echoing takes place at the remote site, so that (except for delays)
       the  rlogin is transparent.  Flow control via ^S and ^Q and flushing of
       input and output on interrupts are handled properly.

OPTIONS

       -8     allows an eight-bit input data  path  at  all  times;  otherwise
              parity  bits are stripped except when the remote side’s stop and
              start characters are other than ^S/^Q.  Eight-bit  mode  is  the
              default.

       -L     allows the rlogin session to be run in litout mode.

       -ec    sets  the  escape  character to c.  There is no space separating
              this option flag and the new escape character.

       -c     require confirmation before disconnecting via ‘‘~.’’

       -a     force the remote machine to ask for a password by sending a null
              local  username.   This option has no effect unless the standard
              UCB rlogin is executed in place  of  the  Kerberos  rlogin  (see
              above).

       -f     forward a copy of the local credentials to the remote system.

       -F     forward  a  forwardable  copy  of  the  local credentials to the
              remote system.

       -t termtype
              replace the  terminal  type  passed  to  the  remote  host  with
              termtype.

       -n     prevent suspension of rlogin via ‘‘~^Z’’ or ‘‘~^Y’’.

       -7     force seven-bit transmissions.

       -d     turn  on socket debugging (via setsockopt(2)) on the TCP sockets
              used for communication with the remote host.

       -k     request rlogin to obtain tickets for the remote  host  in  realm
              realm  instead  of  the  remote  host’s  realm  as determined by
              krb_realmofhost(3).

       -x     turn on DES encryption for data passed via the  rlogin  session.
              This  applies  only to input and output streams, so the username
              is sent unencrypted.  This significantly reduces  response  time
              and significantly increases CPU utilization.

       -PN

       -PO    Explicitly  request  new or old version of the Kerberos ‘‘rcmd’’
              protocol.  The new protocol avoids many security problems  found
              in  the  old  one,  but is not interoperable with older servers.
              (An "input/output error" and a closed  connection  is  the  most
              likely  result  of  attempting  this  combination.)   If neither
              option is specified, some simple heuristics are  used  to  guess
              which to try.

SEE ALSO

       rsh(1),  kerberos(1),  krb_sendauth(3),  krb_realmofhost(3),  rlogin(1)
       [UCB version], klogind(8)

FILES

       ~/.k5login  (on remote host) - file containing Kerberos principals that
                   are allowed access.

BUGS

       More of the environment should be propagated.

                                                                     RLOGIN(1)