rlogin(1)			 User Commands			     rlogin(1)

       rlogin -	remote login

       rlogin  [-8EL]  [-ec ] [-A] [-x]	[-PN | -PO]  [-f | -F]	[-a] [-l user-
       name] [-k realm]	hostname

       The rlogin utility establishes a	remote login session from your	termi-
       nal  to	the remote machine named hostname. The user can	choose to ker-
       berize the rlogin session using Kerberos	V5 and also protect  the  data
       being transferred.

       Hostnames  are  listed in the hosts database, which may be contained in
       the /etc/hosts and /etc/inet/ipnodes  files,  the  Network  Information
       Service (NIS) hosts map,	the Internet domain name server, or a combina-
       tion of these. Each host	has one	official name (the first name  in  the
       database	 entry), and optionally	one or more nicknames. Either official
       hostnames or nicknames may be specified in hostname.

       The user	can opt	for a secure rlogin session which uses Kerberos	V5 for
       authentication.	Encryption  of	the session data is also possible. The
       rlogin session can be kerberized	using any of  the  following  Kerberos
       specific	 options:  -A, -PN or -PO, -x, -f or -F, and -k	realm. Some of
       these options (-x, -PN or -PO, and -f or -F) can also be specified in
       the  [appdefaults]  section of krb5.conf(4). The	usage of these options
       and the expected	behavior is discussed in the OPTIONS section below. If
       Kerberos	 authentication	 is used, authorization	to the account is con-
       trolled through rules  in  krb5_auth_rules(5).  If  this	 authorization
       fails,  fallback	 to  normal rlogin using rhosts	will occur only	if the
       -PO option is used explicitly on	the command line or  is	 specified  in
       krb5.conf(4).  Also  notice  that  the -PN or -PO, -x, -f or -F,	and -k
       realm options are just supersets	of the -A option.

       The remote terminal type	is the same as your local  terminal  type,  as
       given in	your environment TERM variable.	The terminal or	window size is
       also copied to the remote system	if the	server	supports  the  option.
       Changes	in  size are reflected as well.	All echoing takes place	at the
       remote site, so that (except for	delays)	the remote login is  transpar-
       ent. Flow control using <Control-S> and <Control-Q> and flushing	of in-
       put and output on interrupts are	handled	properly.

       The following options are supported:

       -8	       Passes eight-bit	data across the	net instead of	seven-
		       bit data.

       -a	       Forces  the  remote  machine  to	 ask for a password by
		       sending a null local username.

       -A	       Explicitly enables Kerberos authentication  and	trusts
		       the .k5login file for access-control. If	the authoriza-
		       tion check by in.rlogind(1M) on	the  server-side  suc-
		       ceeds and if the	.k5login file permits access, the user
		       is allowed to login without supplying a password.

       -ec	       Specifies a different escape character, c, for the line
		       used to disconnect from the remote host.

       -E	       Stops  any character from being recognized as an	escape

       -f	       Forwards	a copy	of  the	 local	credentials  (Kerberos
		       Ticket Granting Ticket) to the remote system. This is a
		       non-forwardable ticket granting ticket. You  must  for-
		       ward a ticket granting ticket if	you need to  authenti-
		       cate yourself to	other Kerberized network  services  on
		       the  remote  host. An example is	if your	home directory
		       on the remote host is NFS mounted via Kerberos  V5.  If
		       your  local credentials are not forwarded in this case,
		       you will	not be able to	access	your  home  directory.
		       This option is mutually exclusive with the -F option.

       -F	       Forwards	 a  forwardable	 copy of the local credentials
		       (Kerberos Ticket	Granting Ticket) to the	remote system.
		       The  -F option provides a superset of the functionality
		       offered by the -f option. For example, with the -f  op-
		       tion,  after  you connected to the remote host, any at-
		       tempt   to   invoke   /usr/bin/ftp,    /usr/bin/telnet,
		       /usr/bin/rlogin,	 or /usr/bin/rsh with the -f or	-F op-
		       tions would fail. Thus, you would  be  unable  to  push
		       your  single  network sign on trust beyond one  system.
		       This option is mutually exclusive with the -f option.

       -k realm	       Causes rlogin to	obtain tickets for the remote host  in
		       realm  instead of the remote host's realm as determined
		       by krb5.conf(4).

       -l username     Specifies a different username for the remote login. If
		       you do not use this option, the remote username used is
		       the same	as your	local username.

       -L	       Allows the rlogin session to be run in "litout" mode.

       -PN	       Explicitly requests the new (-PN) or old	(-PO)  version
       -PO	       of  the	Kerberos  `rcmd'  protocol.  The  new protocol
		       avoids many security problems prevalent in the old  one
		       and is considered much more secure, but is not interop-
		       erable with older (MIT/SEAM) servers. The new  protocol
		       is  used	 by default, unless explicitly specified using
		       these options or	by using krb5.conf(4). If Kerberos au-
		       thorization  fails  when	using the old `rcmd' protocol,
		       there is	fallback to  regular,  non-kerberized  rlogin.
		       This  is	 not the case when the new, more secure	`rcmd'
		       protocol	is used.

       -x	       Turns on	DES encryption for all data passed through the
		       rlogin  session.	 This  slows  response	time  and
		       increases CPU utilization.

   Escape Sequences
       Lines that you type which start with the	tilde character	(~)  are  "es-
       cape  sequences."  The escape character can be changed using the	-e op-

       ~.	       Disconnects from	the remote host. This is not the  same
		       as  a logout, because the local host breaks the connec-
		       tion with no warning to the remote end.

       ~susp	       Suspends	the login session, but only if you are using a
		       shell  with Job Control.	susp is	your "suspend" charac-
		       ter, usually Control-Z. See tty(1).

       ~dsusp	       Suspends	the input half of the login, but  output  will
		       still  be  seen (only if	you are	using a	shell with Job
		       Control). dsusp is your "deferred  suspend"  character,
		       usually Control-Y. See tty(1).

       hostname	       The  remote machine on which rlogin establishes the re-
		       mote login session.

       For the kerberized rlogin session, each user may	have a private	autho-
       rization	 list in a file, .k5login, in his home directory. Each line in
       this file should	contain	a Kerberos principal name of the form  princi-
       pal/instance@realm.   If	 there is a ~/.k5login file, access is granted
       to the account if and only if the originating user   is	 authenticated
       to  one	of the principals named	in the ~/.k5login file.	Otherwise, the
       originating user	will be	granted	access to the account if and  only  if
       the authenticated principal name	of the user can	be mapped to the local
       account name using the authenticated-principal-name ->  local-user-name
       mapping	rules.	The .k5login file (for access control) comes into play
       only when Kerberos authentication is being done.

       For the non-secure rlogin session, each remote machine may have a  file
       named  /etc/hosts.equiv	containing  a  list of trusted host names with
       which it	shares user names. Users with the same user name on  both  the
       local and remote	machine	may rlogin from	the machines listed in the re-
       mote machine's /etc/hosts.equiv file without supplying a	password.  In-
       dividual	  users	may set	up a similar private equivalence list with the
       file .rhosts in their home directories. Each line in this file contains
       two  names, that	is, a host name	and a user name, separated by a	space.
       An entry	in a remote user's .rhosts file	permits	the user  named	 user-
       name  who  is  logged into hostname to log in to	the remote  machine as
       the remote user without supplying a password. If	the name of the	 local
       host  is	 not found in the /etc/hosts.equiv file	on the remote machine,
       and the local user name and host	name  are  not	found  in  the	remote
       user's  .rhosts	 file, then the	remote machine will prompt for a pass-
       word. Host names	listed in the /etc/hosts.equiv and .rhosts files  must
       be  the official	host names listed in the hosts database. Nicknames may
       not be used in either of	these files.

       For security reasons, the .rhosts file must be owned by either the  re-
       mote user or by root.
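
       The following is an added example, not part of the original manual
       page or of any vendor tool. It models only the hosts.equiv and .rhosts
       rules as stated above (one host name per hosts.equiv line, "hostname
       username" per .rhosts line, official host names only, .rhosts owned by
       the account or root); the function names and sample data are
       constructed for illustration.

```python
import os

# Constructed sample data (not taken from any real system).
HOSTS_DB = """\
192.0.2.10  build01.example.com build01
192.0.2.11  db01.example.com    db01 database
"""
HOSTS_EQUIV = "build01.example.com\n"
RHOSTS = "db01.example.com alice\nbuild01 bob\n"

def official_names(hosts_text):
    """Map every name in a hosts(4)-style file to its official (first) name."""
    names = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            names[name] = fields[1]
    return names

def audit_trust(hosts_text, equiv_text, rhosts_text, remote_user):
    """Return (grants, findings) for one remote account.

    grants:   (host, user) pairs admitted as remote_user without a password.
    findings: entries that are malformed or do not name an official host.
    """
    official = official_names(hosts_text)
    grants, findings = set(), []

    def check(host, user, source):
        if official.get(host) == host:
            grants.add((host, user))
        else:
            findings.append(f"{source}: {host!r} is not an official host name")

    for n, line in enumerate(equiv_text.splitlines(), 1):
        f = line.split()
        if len(f) == 1:  # trusted host, same user name on both machines
            check(f[0], remote_user, f"hosts.equiv:{n}")
        elif f:
            findings.append(f"hosts.equiv:{n}: expected one host name")
    for n, line in enumerate(rhosts_text.splitlines(), 1):
        f = line.split()
        if len(f) == 2:  # "hostname username"
            check(f[0], f[1], f".rhosts:{n}")
        elif f:
            findings.append(f".rhosts:{n}: expected 'hostname username'")
    return grants, findings

def rhosts_owner_ok(path, account_uid):
    """Rule stated above: .rhosts must be owned by the remote user or root."""
    return os.stat(path).st_uid in (0, account_uid)

if __name__ == "__main__":
    print(audit_trust(HOSTS_DB, HOSTS_EQUIV, RHOSTS, "alice"))
```

       Every pair in grants is a host whose security the account depends on,
       so the list is the review scope for that account.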

       /etc/passwd	       Contains	information about users' accounts.

       /usr/hosts/*	       For hostname version of the command.

       /etc/hosts.equiv	       List  of	 trusted  hostnames  with  shared user

       /etc/nologin	       Message displayed to users attempting to	 login
			       during machine shutdown.

       $HOME/.rhosts	       Private	list of	trusted	hostname/username com-

       $HOME/.k5login	       File containing Kerberos	 principals  that  are
			       allowed access.

       /etc/krb5/krb5.conf     Kerberos	configuration file.

       /etc/hosts	       Hosts database.

       /etc/inet/ipnodes       Hosts database.

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWrcmdc			   |

       rsh(1), stty(1), tty(1), in.rlogind(1M), hosts(4), hosts.equiv(4),
       ipnodes(4), krb5.conf(4), nologin(4), attributes(5), krb5_auth_rules(5)

       The following message indicates that the machine is in the process of
       being shut down and logins have been disabled:

       NO LOGINS: System going down in N minutes

       When a system is	listed in hosts.equiv, its security must be as good as
       local security. One insecure system listed in hosts.equiv  can  compro-
       mise the	security of the	entire system.

       The Network Information Service (NIS) was formerly known as Sun Yellow
       Pages (YP). The functionality of the two remains the same. Only the
       name has changed.

       This implementation can only use	the TCP	network	service.

SunOS 5.10			  16 Dec 2004			     rlogin(1)

