NAME

     rlogin - remote login


SYNOPSIS

     rlogin rhost [-ec] [-8] [-c] [ -a] [-f] [-F]  [-t  termtype]
     [-n]  [-7]  [-PN  |  -PO] [-4] [-d] [-k realm] [-x] [-L] [-l
     username]


DESCRIPTION

     Rlogin connects your terminal on the current local host sys-
     tem lhost to the remote host system rhost.

     The version built to use  Kerberos  authentication  is  very
     similar  to  the  standard  Berkeley  rlogin(1), except that
     instead of the rhosts mechanism, it uses Kerberos  authenti-
     cation  to  determine  the  authorization  to  use  a remote
     account.

     Each user may have a private authorization list  in  a  file
     .k5login  in  his  login  directory.  Each line in this file
     should  contain  a  Kerberos  principal  name  of  the  form
     principal/instance@realm.    If   the  originating  user  is
     authenticated to one of the principals  named  in  .k5login,
     access  is granted to the account.  If there is no /.k5login
     file, the principal will be granted access  to  the  account
     according   to   the   aname->lname   mapping  rules.   (See
     krb5_anadd(8) for more  details.)   Otherwise  a  login  and
     password  will  be  prompted for on the remote machine as in
     login(1).  To avoid some  security  problems,  the  .k5login
     file must be owned by the remote user.

     If there is some problem in marshaling the Kerberos  authen-
     tication  information,  an  error message is printed and the
     standard UCB rlogin is executed in  place  of  the  Kerberos
     rlogin.

     A line of the form ``~.'' disconnects from the remote  host,
     where  ``~''  is  the escape character.  Similarly, the line
     ``~^Z'' (where ^Z, control-Z, is the suspend character) will
     suspend  the  rlogin  session.  Substitution of the delayed-
     suspend character (normally ^Y) for  the  suspend  character
     suspends  the  send portion of the rlogin, but allows output
     from the remote system.

     The remote terminal type is the same as your local  terminal
     type  (as  given  in your environment TERM variable), unless
     the -t option is specified (see  below).   The  terminal  or
     window  size  is  also  copied  to  the remote system if the
     server  supports  the  option,  and  changes  in  size   are
     reflected as well.


     All echoing takes place at the remote site, so that  (except
     for  delays) the rlogin is transparent.  Flow control via ^S
     and ^Q and flushing of input and output  on  interrupts  are
     handled properly.


OPTIONS

     -8   allows an eight-bit input data path at all times;  oth-
          erwise  parity bits are stripped except when the remote
          side's stop and start characters are other than  ^S/^Q.
          Eight-bit mode is the default.

     -L   allows the rlogin session to be run in litout mode.

     -ec  sets the escape character to  c.   There  is  no  space
          separating  this option flag and the new escape charac-
          ter.

     -c   require confirmation before disconnecting via ``~.''

     -a   force the remote machine to ask for a password by send-
          ing  a  null local username.  This option has no effect
          unless the standard UCB rlogin is executed in place  of
          the Kerberos rlogin (see above).

     -f   forward a copy of the local credentials to  the  remote
          system.

     -F   forward a forwardable copy of the local credentials  to
          the remote system.

     -t termtype
          replace the terminal type passed  to  the  remote  host
          with termtype.

     -n   prevent suspension of rlogin via ``~^Z'' or ``~^Y''.

     -7   force seven-bit transmissions.

     -d   turn on socket debugging (via setsockopt(2)) on the TCP
          sockets used for communication with the remote host.

     -k   request rlogin to obtain tickets for the remote host in
          realm  realm  instead  of  the  remote  host's realm as
          determined by krb_realmofhost(3).

     -x   turn on DES encryption for data passed via  the  rlogin
          session.    This  applies  only  to  input  and  output
          streams, so the username  is  sent  unencrypted.   This
          significantly  reduces  response time and significantly
          increases CPU utilization.

     -PN
     -PO  Explicitly request new or old version of  the  Kerberos
          ``rcmd''  protocol.  The new protocol avoids many secu-
          rity problems found in the old one, but is not interop-
          erable  with  older  servers.  (An "input/output error"
          and a closed connection is the most  likely  result  of
          attempting  this  combination.)   If  neither option is
          specified, some simple heuristics  are  used  to  guess
          which to try.

     -4   Use Kerberos V4 authentication only; don't try Kerberos
          V5.


SEE ALSO

     rsh(1),  kerberos(3),  krb_sendauth(3),  krb_realmofhost(3),
     rlogin(1) [UCB version], klogind(8)


FILES

     ~/.k5login  (on remote  host)  -  file  containing  Kerberos
                 principals that are allowed access.


BUGS

     More of the environment should be propagated.































Man(1) output converted with man2html