RLOGIN(1)RLOGIN(1)NAME
rlogin - remote login
SYNOPSIS
rlogin rhost [-ec] [-8] [-c] [ -a] [-f] [-F] [-t termtype] [-n] [-7]
[-PN | -PO] [-4] [-d] [-k realm] [-x] [-L] [-l username]
DESCRIPTION
Rlogin connects your terminal on the current local host system lhost to
the remote host system rhost.
The version built to use Kerberos authentication is very similar to the
standard Berkeley rlogin(1), except that instead of the rhosts mecha‐
nism, it uses Kerberos authentication to determine the authorization to
use a remote account.
Each user may have a private authorization list in a file .k5login in
his login directory. Each line in this file should contain a Kerberos
principal name of the form principal/instance@realm. If the originat‐
ing user is authenticated to one of the principals named in .k5login,
access is granted to the account. If there is no /.k5login file, the
principal will be granted access to the account according to the
aname->lname mapping rules. (See krb5_anadd(8) for more details.)
Otherwise a login and password will be prompted for on the remote
machine as in login(1). To avoid some security problems, the .k5login
file must be owned by the remote user.
If there is some problem in marshaling the Kerberos authentication
information, an error message is printed and the standard UCB rlogin is
executed in place of the Kerberos rlogin.
A line of the form ``~.'' disconnects from the remote host, where ``~''
is the escape character. Similarly, the line ``~^Z'' (where ^Z, con‐
trol-Z, is the suspend character) will suspend the rlogin session.
Substitution of the delayed-suspend character (normally ^Y) for the
suspend character suspends the send portion of the rlogin, but allows
output from the remote system.
The remote terminal type is the same as your local terminal type (as
given in your environment TERM variable), unless the -t option is spec‐
ified (see below). The terminal or window size is also copied to the
remote system if the server supports the option, and changes in size
are reflected as well.
All echoing takes place at the remote site, so that (except for delays)
the rlogin is transparent. Flow control via ^S and ^Q and flushing of
input and output on interrupts are handled properly.
OPTIONS-8 allows an eight-bit input data path at all times; otherwise par‐
ity bits are stripped except when the remote side's stop and
start characters are other than ^S/^Q. Eight-bit mode is the
default.
-L allows the rlogin session to be run in litout mode.
-ec sets the escape character to c. There is no space separating
this option flag and the new escape character.
-c require confirmation before disconnecting via ``~.''
-a force the remote machine to ask for a password by sending a null
local username. This option has no effect unless the standard
UCB rlogin is executed in place of the Kerberos rlogin (see
above).
-f forward a copy of the local credentials to the remote system.
-F forward a forwardable copy of the local credentials to the
remote system.
-t termtype
replace the terminal type passed to the remote host with
termtype.
-n prevent suspension of rlogin via ``~^Z'' or ``~^Y''.
-7 force seven-bit transmissions.
-d turn on socket debugging (via setsockopt(2)) on the TCP sockets
used for communication with the remote host.
-k request rlogin to obtain tickets for the remote host in realm
realm instead of the remote host's realm as determined by
krb_realmofhost(3).
-x turn on DES encryption for data passed via the rlogin session.
This applies only to input and output streams, so the username
is sent unencrypted. This significantly reduces response time
and significantly increases CPU utilization.
-PN
-PO Explicitly request new or old version of the Kerberos ``rcmd''
protocol. The new protocol avoids many security problems found
in the old one, but is not interoperable with older servers.
(An "input/output error" and a closed connection is the most
likely result of attempting this combination.) If neither
option is specified, some simple heuristics are used to guess
which to try.
-4 Use Kerberos V4 authentication only; don't try Kerberos V5.
SEE ALSOrsh(1), kerberos(1), krb_sendauth(3), krb_realmofhost(3), rlogin(1)
[UCB version], klogind(8)FILES
~/.k5login (on remote host) - file containing Kerberos principals that
are allowed access.
BUGS
More of the environment should be propagated.
RLOGIN(1)