RLOGIN(1)						      General Commands Manual							 RLOGIN(1)

NAME

       rlogin - remote login

SYNOPSIS

       rlogin rhost [-ec] [-8] [-c] [ -a] [-f] [-F] [-t termtype] [-n] [-7] [-PN | -PO] [-d] [-k realm] [-x] [-L] [-l username]

DESCRIPTION

       Rlogin connects your terminal on the current local host system lhost to the remote host system rhost.

       The  version  built  to	use  Kerberos authentication is very similar to the standard Berkeley rlogin(1), except that instead of the rhosts
       mechanism, it uses Kerberos authentication to determine the authorization to use a remote account.

       Each user may have a private authorization list in a file .k5login in his login directory.  Each line in this file should  contain  a  Ker-
       beros  principal  name  of  the	form principal/instance@realm.	If the originating user is authenticated to one of the principals named in
       .k5login, access is granted to the account.  If there is no /.k5login file, the principal will be granted access to the	account  according
       to  the	aname->lname  mapping  rules.	(See  krb5_anadd(8) for more details.)	Otherwise a login and password will be prompted for on the
       remote machine as in login(1).  To avoid some security problems, the .k5login file must be owned by the remote user.

       If there is some problem in marshaling the Kerberos authentication information, an error message is printed and the standard UCB rlogin	is
       executed in place of the Kerberos rlogin.

       A  line	of  the form ``~.'' disconnects from the remote host, where ``~'' is the escape character.  Similarly, the line ``~^Z'' (where ^Z,
       control-Z, is the suspend character) will suspend the rlogin session.  Substitution of the delayed-suspend character (normally ^Y) for  the
       suspend character suspends the send portion of the rlogin, but allows output from the remote system.

       The  remote  terminal  type  is	the same as your local terminal type (as given in your environment TERM variable), unless the -t option is
       specified (see below).  The terminal or window size is also copied to the remote system if the server supports the option, and  changes	in
       size are reflected as well.

       All echoing takes place at the remote site, so that (except for delays) the rlogin is transparent.  Flow control via ^S and ^Q and flushing
       of input and output on interrupts are handled properly.

OPTIONS

       -8     allows an eight-bit input data path at all times; otherwise parity bits are stripped except when the remote side's  stop	and  start
	      characters are other than ^S/^Q.	Eight-bit mode is the default.

       -L     allows the rlogin session to be run in litout mode.

       -ec    sets the escape character to c.  There is no space separating this option flag and the new escape character.

       -c     require confirmation before disconnecting via ``~.''

       -a     force  the remote machine to ask for a password by sending a null local username.  This option has no effect unless the standard UCB
	      rlogin is executed in place of the Kerberos rlogin (see above).

       -f     forward a copy of the local credentials to the remote system.

       -F     forward a forwardable copy of the local credentials to the remote system.

       -t termtype
	      replace the terminal type passed to the remote host with termtype.

       -n     prevent suspension of rlogin via ``~^Z'' or ``~^Y''.

       -7     force seven-bit transmissions.

       -d     turn on socket debugging (via setsockopt(2)) on the TCP sockets used for communication with the remote host.

       -k     request rlogin to obtain tickets for the remote host in realm realm instead of the remote host's realm as  determined  by  krb_real-
	      mofhost(3).

       -x     turn  on	DES  encryption  for  all  data passed via the rlogin session.	This significantly reduces response time and significantly
	      increases CPU utilization.

       -PN

       -PO    Explicitly request new or old version of the Kerberos ``rcmd'' protocol.	The new protocol avoids many security  problems  found	in
	      the  old	one,  but  is  not  interoperable with older servers.  (An "input/output error" and a closed connection is the most likely
	      result of attempting this combination.)  If neither option is specified, some simple heuristics are used to guess which to try.

SEE ALSO

       rsh(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3), rlogin(1) [UCB version]

FILES

       ~/.k5login  (on remote host) - file containing Kerberos principals that are allowed access.

BUGS

       More of the environment should be propagated.

																	 RLOGIN(1)