
rlogin(1)                        User Commands                       rlogin(1)



NAME
       rlogin - remote login

SYNOPSIS
       rlogin  [-8EL]  [-ec]  [-A]  [-x]  [-PN | -PO]  [-f | -F]  [-a]
       [-l username] [-k realm] hostname

DESCRIPTION
       The rlogin utility establishes a remote login session from your  termi-
       nal  to  the remote machine named hostname. The user can choose to ker-
       berize the rlogin session using Kerberos V5 and also protect  the  data
       being transferred.

       Hostnames  are  listed in the hosts database, which may be contained in
       the /etc/hosts and /etc/inet/ipnodes  files,  the  Network  Information
       Service (NIS) hosts map, the Internet domain name server, or a combina-
       tion of these. Each host has one official name (the first name  in  the
       database  entry), and optionally one or more nicknames. Either official
       hostnames or nicknames may be specified in hostname.

       The user can opt for a secure rlogin session which uses Kerberos V5 for
       authentication.  Encryption  of  the session data is also possible. The
       rlogin session can be kerberized using any of  the  following  Kerberos
       specific  options:  -A, -PN or -PO, -x, -f or -F, and -k realm. Some of
       these options (-x, -PN or -PO, and -f or -F) can also be  specified  in
       the  [appdefaults]  section of krb5.conf(4). The usage of these options
       and the expected behavior is discussed in the OPTIONS section below. If
       Kerberos  authentication  is used, authorization to the account is con-
       trolled through rules  in  krb5_auth_rules(5).  If  this  authorization
       fails,  fallback  to  normal rlogin using rhosts will occur only if the
       -PO option is used explicitly on the command line or  is  specified  in
       krb5.conf(4).  Also  notice  that  the -PN or -PO, -x, -f or -F, and -k
       realm options are just supersets of the -A option.

       The remote terminal type is the same as your local  terminal  type,  as
       given in your environment TERM variable. The terminal or window size is
       also copied to the remote system if the  server  supports  the  option.
       Changes  in  size are reflected as well. All echoing takes place at the
       remote site, so that (except for delays) the remote login is
       transparent. Flow control using <Control-S> and <Control-Q> and
       flushing of input and output on interrupts are handled properly.

OPTIONS
       The following options are supported:

       -8              Passes eight-bit data across the net instead of  seven-
                       bit data.



       -a              Forces  the  remote  machine  to  ask for a password by
                       sending a null local username.



       -A              Explicitly enables Kerberos authentication  and  trusts
                       the .k5login file for access-control. If the authoriza-
                       tion check by in.rlogind(1M) on  the  server-side  suc-
                       ceeds and if the .k5login file permits access, the user
                       is allowed to login without supplying a password.



       -ec             Specifies a different escape character, c, for the line
                       used to disconnect from the remote host.



       -E              Stops  any character from being recognized as an escape
                       character.



       -f              Forwards a copy  of  the  local  credentials  (Kerberos
                       Ticket Granting Ticket) to the remote system. This is a
                       non-forwardable ticket granting ticket. You  must  for-
                       ward a ticket granting ticket if you need to  authenti-
                       cate yourself to other Kerberized network  services  on
                       the  remote  host. An example is if your home directory
                       on the remote host is NFS mounted via Kerberos  V5.  If
                       your  local credentials are not forwarded in this case,
                       you will not be able to  access  your  home  directory.
                       This option is mutually exclusive with the -F option.



       -F              Forwards  a  forwardable  copy of the local credentials
                       (Kerberos Ticket Granting Ticket) to the remote system.
                       The  -F option provides a superset of the functionality
                       offered by the -f option.  For  example,  with  the  -f
                       option,  after  you  connected  to the remote host, any
                       attempt  to   invoke   /usr/bin/ftp,   /usr/bin/telnet,
                       /usr/bin/rlogin,  or  /usr/bin/rsh  with  the  -f or -F
                       options would fail. Thus, you would be unable  to  push
                       your  single  network sign on trust beyond one  system.
                       This option is mutually exclusive with the -f option.



       -k realm        Causes rlogin to obtain tickets for the remote host  in
                       realm  instead of the remote host's realm as determined
                       by krb5.conf(4).



       -l username     Specifies a different username for the remote login. If
                       you do not use this option, the remote username used is
                       the same as your local username.



       -L              Allows the rlogin session to be run in "litout" mode.



       -PN             Explicitly requests the new (-PN) or old (-PO)  version
       -PO             of  the  Kerberos  `rcmd'  protocol.  The  new protocol
                       avoids many security problems prevalent in the old  one
                       and is considered much more secure, but is not interop-
                       erable with older (MIT/SEAM) servers. The new  protocol
                       is  used  by default, unless explicitly specified using
                       these options or by  using  krb5.conf(4).  If  Kerberos
                       authorization fails when using the old `rcmd' protocol,
                       there is fallback to  regular,  non-kerberized  rlogin.
                       This  is  not the case when the new, more secure `rcmd'
                       protocol is used.



       -x              Turns on DES encryption for all data passed through the
                       rlogin   session.   This   reduces  response  time  and
                       increases CPU utilization.



   Escape Sequences
       Lines that you type which  start  with  the  tilde  character  (~)  are
       "escape  sequences."  The  escape character can be changed using the -e
       option.

       ~.              Disconnects from the remote host. This is not the  same
                       as  a logout, because the local host breaks the connec-
                       tion with no warning to the remote end.



       ~susp           Suspends the login session, but only if you are using a
                       shell  with Job Control. susp is your "suspend" charac-
                       ter, usually Control-Z. See tty(1).



       ~dsusp          Suspends the input half of the login, but  output  will
                       still  be  seen (only if you are using a shell with Job
                       Control). dsusp is your "deferred  suspend"  character,
                       usually Control-Y. See tty(1).



OPERANDS
       hostname        The  remote  machine  on  which  rlogin establishes the
                       remote login session.



USAGE
       For the kerberized rlogin session, each user may have a private  autho-
       rization  list in a file, .k5login, in his home directory. Each line in
       this file should contain a Kerberos principal name of the form  princi-
       pal/instance@realm.   If  there is a ~/.k5login file, access is granted
       to the account if and only if the originating user   is   authenticated
       to  one  of the principals named in the ~/.k5login file. Otherwise, the
       originating user will be granted access to the account if and  only  if
       the authenticated principal name of the user can be mapped to the local
       account name using the authenticated-principal-name ->  local-user-name
       mapping  rules.  The .k5login file (for access control) comes into play
       only when Kerberos authentication is being done.

       For the non-secure rlogin session, each remote machine may have a  file
       named  /etc/hosts.equiv  containing  a  list of trusted host names with
       which it shares user names. Users with the same user name on  both  the
       local  and  remote  machine  may rlogin from the machines listed in the
       remote machine's /etc/hosts.equiv file without  supplying  a  password.
       Individual   users  may  set up a similar private equivalence list with
       the file .rhosts in their home directories. Each line in this file con-
       tains  two  names, that is, a host name and a user name, separated by a
       space. An entry in a remote user's .rhosts file permits the user  named
       username  who  is logged into hostname to log in to the remote  machine
       as the remote user without supplying a password. If  the  name  of  the
       local  host  is  not  found  in the /etc/hosts.equiv file on the remote
       machine, and the local user name and host name are  not  found  in  the
       remote  user's .rhosts  file, then the remote machine will prompt for a
       password. Host names listed in the /etc/hosts.equiv and  .rhosts  files
       must be the official host names listed in the hosts database. Nicknames
       may not be used in either of these files.

       For security reasons, the .rhosts file must  be  owned  by  either  the
       remote user or by root.
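
       The following is an added example, not part of the original manual
       page: a Python model of the hosts.equiv and .rhosts rules as worded
       above, usable to audit which host/user pairs an account trusts. The
       function names, host names, user names and UIDs are assumptions; the
       checks actually made by in.rlogind(1M) may include more conditions.

```python
# Added example: models the hosts.equiv/.rhosts rules as worded in USAGE.
# All host names, user names and UIDs below are constructed sample data.

def official_names(hosts_text):
    """Map each name in a hosts(4)-style database to its official (first) name."""
    names = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            names.setdefault(name, fields[1])
    return names

def audit_rhosts(rhosts_text, owner_uid, account_uid, hosts_text):
    """Return (grants, findings) for one account's .rhosts file."""
    official = official_names(hosts_text)
    grants, findings = set(), []
    if owner_uid not in (account_uid, 0):
        findings.append("owner: file is not owned by the account or by root")
    for n, line in enumerate(rhosts_text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2:  # the page describes "hostname username" lines
            findings.append(f"line {n}: not a 'hostname username' pair")
        elif official.get(fields[0]) != fields[0]:  # nickname or unknown host
            findings.append(f"line {n}: {fields[0]} is not an official host name")
        else:
            grants.add((fields[0], fields[1]))
    return grants, findings

def password_required(host, user, remote_user, equiv_hosts, grants):
    """True when neither hosts.equiv nor .rhosts vouches for (host, user)."""
    if host in equiv_hosts and user == remote_user:
        return False
    return (host, user) not in grants

# Constructed hosts database and .rhosts content (official name is listed first).
HOSTS = "192.0.2.10 build01.example.com build01\n192.0.2.11 db01.example.com db01\n"
RHOSTS = "build01.example.com alice\ndb01 alice\nbuild01.example.com\n"

if __name__ == "__main__":
    grants, findings = audit_rhosts(RHOSTS, owner_uid=1001, account_uid=1001,
                                    hosts_text=HOSTS)
    print(sorted(grants), findings, sep="\n")
    print(password_required("db01.example.com", "alice", "alice", set(), grants))
```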

FILES
       /etc/passwd             Contains information about users' accounts.



       /usr/hosts/*            For hostname version of the command.



       /etc/hosts.equiv        List  of  trusted  hostnames  with  shared user
                               names.



       /etc/nologin            Message displayed to users attempting to  login
                               during machine shutdown.



       $HOME/.rhosts           Private  list of trusted hostname/username com-
                               binations.



       $HOME/.k5login          File containing Kerberos  principals  that  are
                               allowed access.



       /etc/krb5/krb5.conf     Kerberos configuration file.



       /etc/hosts              Hosts database.



       /etc/inet/ipnodes       Hosts database.



ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:


       ATTRIBUTE TYPE          ATTRIBUTE VALUE
       Availability            SUNWrcmdc


SEE ALSO
       rsh(1), stty(1), tty(1), in.rlogind(1M), hosts(4), hosts.equiv(4),
       ipnodes(4), krb5.conf(4), nologin(4), attributes(5), krb5_auth_rules(5)

DIAGNOSTICS
       The  following  message indicates that the machine is in the process of
       being shut down and logins have been disabled:

       NO LOGINS: System going down in N minutes

NOTES
       When a system is listed in hosts.equiv, its security must be as good as
       local  security.  One insecure system listed in hosts.equiv can compro-
       mise the security of the entire system.

       The Network Information Service (NIS) was formerly known as Sun  Yellow
       Pages  (YP).  The  functionality  of the two remains the same. Only the
       name has changed.

       This implementation can only use the TCP network service.



SunOS 5.10                        16 Dec 2004                        rlogin(1)