Unix/Linux Go Back    

OpenSolaris 2009.06 - man page for rlogin (opensolaris section 1)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

rlogin(1)				  User Commands 				rlogin(1)

       rlogin - remote login

       rlogin [-8EL] [-ec ] [-A] [-K] [-x] [-PN | -PO] [-f | -F] [-a]
	    [-l username] [-k realm] hostname

       The  rlogin  utility  establishes  a remote login session from your terminal to the remote
       machine named hostname. The user can choose to kerberize the rlogin session using Kerberos
       V5 and also protect the data being transferred.

       Hostnames are listed in the hosts database, which can be contained in the /etc/hosts file,
       the Network Information Service (NIS) hosts map, the Internet domain  name  server,  or	a
       combination  of	these.	Each  host  has one official name (the first name in the database
       entry), and optionally one or more nicknames. Either official hostnames or  nicknames  can
       be specified in hostname.

       The  user  can  opt for a secure rlogin session which uses Kerberos V5 for authentication.
       Encryption of the session data is also possible. The  rlogin  session  can  be  kerberized
       using any of the following Kerberos specific options: -A, -PN or -PO, -x, -f or -F, and -k
       realm. Some of these options (-A, -x, -PN or -PO, and -f or -F) can also be  specified  in
       the  [appdefaults]  section  of	krb5.conf(4). The usage of these options and the expected
       behavior is discussed in the OPTIONS section below. If Kerberos	authentication	is  used,
       authorization  to  the  account is controlled through rules in krb5_auth_rules(5). If this
       authorization fails, fallback to normal rlogin using rhosts occurs only if the -PO  option
       is  used  explicitly on the command line or is specified in krb5.conf(4). Also notice that
       the -PN or -PO, -x, -f or -F, and -k realm options are just supersets of the -A option.

       The remote terminal type is the same as your local terminal type, as given in  your  envi-
       ronment	TERM variable. The terminal or window size is also copied to the remote system if
       the server supports the option. Changes in size are reflected as well. All  echoing  takes
       place  at  the  remote  site, so that (except for delays) the remote login is transparent.
       Flow control using Control-S and Control-Q and flushing of input and output on  interrupts
       are handled properly.

       The following options are supported:

       -8	      Passes eight-bit data across the net instead of seven-bit data.

       -a	      Forces  the  remote  machine  to ask for a password by sending a null local

       -A	      Explicitly enables Kerberos authentication and trusts the .k5login file for
		      access-control. If the authorization check by in.rlogind(1M) on the server-
		      side succeeds and if the .k5login file permits access, the user is  allowed
		      to login without supplying a password.

       -ec	      Specifies  a different escape character, c, for the line used to disconnect
		      from the remote host.

       -E	      Stops any character from being recognized as an escape character.

       -f	      Forwards a copy of the local credentials (Kerberos Ticket Granting  Ticket)
		      to the remote system. This is a non-forwardable ticket granting ticket. You
		      must forward a ticket granting ticket if you need to authenticate  yourself
		      to  other  Kerberized network services on the remote host. An example is if
		      your home directory on the remote host is NFS mounted via Kerberos  V5.  If
		      your  local  credentials are not forwarded in this case, you can not access
		      your home directory. This option is mutually exclusive with the -F option.

       -F	      Forwards a forwardable copy  of  the  local  credentials	(Kerberos  Ticket
		      Granting Ticket) to the remote system. The -F option provides a superset of
		      the functionality offered by the	-f  option.  For  example,  with  the  -f
		      option,  after  you  connected  to  the  remote host, any attempt to invoke
		      /usr/bin/ftp, /usr/bin/telnet, /usr/bin/rlogin, or /usr/bin/rsh with the -f
		      or  -F  options  would  fail. Thus, you would be unable to push your single
		      network sign on trust beyond one system. This option is mutually	exclusive
		      with the -f option.

       -k realm       Causes rlogin to obtain tickets for the remote host in realm instead of the
		      remote host's realm as determined by krb5.conf(4).

       -K	      This option explicitly disables Kerberos authentication. It can be used  to
		      override the autologin variable in krb5.conf(4).

       -l username    Specifies a different username for the remote login. If you do not use this
		      option, the remote username used is the same as your local username.

       -L	      Allows the rlogin session to be run in "litout" mode.

       -PN	      Explicitly requests the new (-PN) or old	(-PO)  version	of  the  Kerberos
       -PO	      `rcmd'  protocol.  The new protocol avoids many security problems prevalant
		      in the old one and is considered much more secure, but is not interoperable
		      with  older (MIT/SEAM) servers. The new protocol is used by default, unless
		      explicitly specified using these options or by using krb5.conf(4). If  Ker-
		      beros  authorization  fails  when  using	the old `rcmd' protocol, there is
		      fallback to regular, non-kerberized rlogin. This is not the case	when  the
		      new, more secure `rcmd' protocol is used.

       -x	      Turns  on  DES  encryption  for all data passed through the rlogin session.
		      This reduces response time and increases CPU utilization.

   Escape Sequences
       Lines that you type which start with the tilde character (~) are "escape  sequences."  The
       escape character can be changed using the -e option.

       ~.	 Disconnects  from the remote host. This is not the same as a logout, because the
		 local host breaks the connection with no warning to the remote end.

       ~susp	 Suspends the login session, but only if you are using a shell with Job  Control.
		 susp is your "suspend" character, usually Control-Z. See tty(1).

       ~dsusp	 Suspends  the input half of the login, but output is still able to be seen (only
		 if you are using a shell with Job Control). dsusp  is	your  "deferred  suspend"
		 character, usually Control-Y. See tty(1).

       hostname    The remote machine on which rlogin establishes the remote login session.

       For  the  kerberized  rlogin session, each user can have a private authorization list in a
       file, .k5login, in his home directory. Each line in this file should  contain  a  Kerberos
       principal name of the form principal/instance@realm. If there is a ~/.k5login file, access
       is granted to the account if and only if the originating user is authenticated to  one  of
       the  principals	named  in the ~/.k5login file. Otherwise, the originating user is granted
       access to the account if and only if the authenticated principal name of the user  can  be
       mapped to the local account name using the authenticated-principal-name -> local-user-name
       mapping rules. The .k5login file (for access control) comes into play only  when  Kerberos
       authentication is being done.

       For   the   non-secure  rlogin  session,  each  remote  machine	can  have  a  file  named
       /etc/hosts.equiv containing a list of trusted host names with which it shares user  names.
       Users  with  the  same  user name on both the local and remote machine can rlogin from the
       machines listed in the remote machine's /etc/hosts.equiv file without  supplying  a  pass-
       word.  Individual  users  camayn  set  up a similar private equivalence list with the file
       .rhosts in their home directories. Each line in this file contains two names, that  is,	a
       host  name and a user name, separated by a space. An entry in a remote user's .rhosts file
       permits the user named username who is logged into  hostname  to  log  in  to  the  remote
       machine	as the remote user without supplying a password. If the name of the local host is
       not found in the /etc/hosts.equiv file on the remote machine, and the local user name  and
       host name are not found in the remote user's .rhosts file, then the remote machine prompts
       for a password. Host names listed in the /etc/hosts.equiv and .rhosts files  must  be  the
       official  host  names listed in the hosts database. Nicknames can not be used in either of
       these files.

       For security reasons, the .rhosts file must be owned by either the remote user or by root.

       /etc/passwd	      Contains information about users' accounts.

       /usr/hosts/*	      For hostname version of the command.

       /etc/hosts.equiv       List of trusted hostnames with shared user names.

       /etc/nologin	      Message displayed to users attempting to login during machine shut-

       $HOME/.rhosts	      Private list of trusted hostname/username combinations.

       $HOME/.k5login	      File containing Kerberos principals that are allowed access.

       /etc/krb5/krb5.conf    Kerberos configuration file.

       /etc/hosts	      Hosts database.

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWrcmdc 		   |

       rsh(1),	stty(1),  tty(1),  in.rlogind(1M),  hosts(4),hosts.equiv(4),  krb5.conf(4), nolo-
       gin(4), attributes(5), krb5_auth_rules(5)

       The following message indicates that the machine is in the process of being  shutdown  and
       logins have been disabled:

	 NO LOGINS: System going down in N minutes

       When  a	system	is listed in hosts.equiv, its security must be as good as local security.
       One insecure system listed in hosts.equiv can compromise the security of the  entire  sys-

       The  Network  Information  Service  (NIS) was formerly known as Sun Yellow Pages (YP.) The
       functionality of the two remains the same. Only the name has changed.

       This implementation can only use the TCP network service.

SunOS 5.11				   23 Dec 2008					rlogin(1)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 10:59 AM.