1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
<HTML>
<BODY>
<PRE>
<!-- Manpage converted by man2html 3.0.1 -->
</PRE>
<H2>NAME</H2><PRE>
rlogin - remote login
</PRE>
<H2>SYNOPSIS</H2><PRE>
<B>rlogin</B> <I>rhost</I> [<B>-e</B><I>c</I>] [<B>-8</B>] [<B>-c</B>] [ <B>-a</B>] [<B>-f</B>] [<B>-F</B>] [<B>-t</B> <I>termtype</I>]
[<B>-n</B>] [<B>-7</B>] [<B>-PN</B> <B>|</B> <B>-PO</B>] [<B>-4</B>] [<B>-d</B>] [<B>-k</B> <I>realm</I>] [<B>-x</B>] [<B>-L</B>] [<B>-l</B>
<I>username</I>]
</PRE>
<H2>DESCRIPTION</H2><PRE>
<I>Rlogin</I> connects your terminal on the current local host sys-
tem <I>lhost</I> to the remote host system <I>rhost</I>.
The version built to use Kerberos authentication is very
similar to the standard Berkeley <B>rlogin(1)</B>, except that
instead of the <I>rhosts</I> mechanism, it uses Kerberos authenti-
cation to determine the authorization to use a remote
account.
Each user may have a private authorization list in a file
.k5login in his login directory. Each line in this file
should contain a Kerberos principal name of the form
<I>principal</I>/<I>instance</I>@<I>realm</I>. If the originating user is
authenticated to one of the principals named in .k5login,
access is granted to the account. If there is no /.k5login
file, the principal will be granted access to the account
according to the aname->lname mapping rules. (See
<B>krb5_anadd(8)</B> for more details.) Otherwise a login and
password will be prompted for on the remote machine as in
<B>login(1)</B>. To avoid some security problems, the .k5login
file must be owned by the remote user.
If there is some problem in marshaling the Kerberos authen-
tication information, an error message is printed and the
standard UCB rlogin is executed in place of the Kerberos
rlogin.
A line of the form ``~.'' disconnects from the remote host,
where ``~'' is the escape character. Similarly, the line
``~^Z'' (where ^Z, control-Z, is the suspend character) will
suspend the rlogin session. Substitution of the delayed-
suspend character (normally ^Y) for the suspend character
suspends the send portion of the rlogin, but allows output
from the remote system.
The remote terminal type is the same as your local terminal
type (as given in your environment TERM variable), unless
the -<B>t</B> option is specified (see below). The terminal or
window size is also copied to the remote system if the
server supports the option, and changes in size are
reflected as well.
All echoing takes place at the remote site, so that (except
for delays) the rlogin is transparent. Flow control via ^S
and ^Q and flushing of input and output on interrupts are
handled properly.
</PRE>
<H2>OPTIONS</H2><PRE>
-<B>8</B> allows an eight-bit input data path at all times; oth-
erwise parity bits are stripped except when the remote
side's stop and start characters are other than ^S/^Q.
Eight-bit mode is the default.
-<B>L</B> allows the rlogin session to be run in litout mode.
<B>-e</B><I>c</I> sets the escape character to <I>c</I>. There is no space
separating this option flag and the new escape charac-
ter.
-<B>c</B> require confirmation before disconnecting via ``~.''
-<B>a</B> force the remote machine to ask for a password by send-
ing a null local username. This option has no effect
unless the standard UCB rlogin is executed in place of
the Kerberos rlogin (see above).
<B>-f</B> forward a copy of the local credentials to the remote
system.
<B>-F</B> forward a <I>forwardable</I> copy of the local credentials to
the remote system.
<B>-t</B> <I>termtype</I>
replace the terminal type passed to the remote host
with <I>termtype</I>.
-<B>n</B> prevent suspension of rlogin via ``~^Z'' or ``~^Y''.
-<B>7</B> force seven-bit transmissions.
-<B>d</B> turn on socket debugging (via <B>setsockopt(2)</B>) on the TCP
sockets used for communication with the remote host.
-<B>k</B> request rlogin to obtain tickets for the remote host in
realm <I>realm</I> instead of the remote host's realm as
determined by <B>krb_realmofhost(3)</B>.
<B>-x</B> turn on DES encryption for data passed via the rlogin
session. This applies only to input and output
streams, so the username is sent unencrypted. This
significantly reduces response time and significantly
increases CPU utilization.
<B>-PN</B>
<B>-PO</B> Explicitly request new or old version of the Kerberos
``rcmd'' protocol. The new protocol avoids many secu-
rity problems found in the old one, but is not interop-
erable with older servers. (An "input/output error"
and a closed connection is the most likely result of
attempting this combination.) If neither option is
specified, some simple heuristics are used to guess
which to try.
<B>-4</B> Use Kerberos V4 authentication only; don't try Kerberos
V5.
</PRE>
<H2>SEE ALSO</H2><PRE>
<B>rsh(1)</B>, <B>kerberos(3)</B>, <B>krb_sendauth(3)</B>, <B>krb_realmofhost(3)</B>,
<B>rlogin(1)</B> [UCB version], <B>klogind(8)</B>
</PRE>
<H2>FILES</H2><PRE>
~/.k5login (on remote host) - file containing Kerberos
principals that are allowed access.
</PRE>
<H2>BUGS</H2><PRE>
More of the environment should be propagated.
</PRE>
<HR>
<ADDRESS>
Man(1) output converted with
<a href="http://www.oac.uci.edu/indiv/ehood/man2html.html">man2html</a>
</ADDRESS>
</BODY>
</HTML>
|
