NAME rlogin - remote login SYNOPSIS rlogin rhost [-ec] [-8] [-c] [ -a] [-f | --forward] [--noforward] [-F | --forwardable] [--noforwardable] [--For- wardable] [--noForwardable] [-t termtype] [-n] [-7] [-d] [-k realm] [-x | --encrypt] [--noencrypt] [--noflow] [-L] [-l username] [--version] DESCRIPTION Rlogin connects your terminal on the current local host sys- tem lhost to the remote host system rhost. The version built to use Kerberos authentication is very similar to the standard Berkeley rlogin(1), except that instead of the rhosts mechanism, it uses Kerberos authenti- cation to determine the authorization to use a remote account. Each user may have a private authorization list in a file .k5login in his login directory. Each line in this file should contain a Kerberos principal name of the form principal/instance@realm. If the originating user is authenticated to one of the principals named in .k5login, access is granted to the account. If there is no /.k5login file, the principal will be granted access to the account according to the aname->lname mapping rules. (See krb5_anadd(8) for more details.) Otherwise a login and password will be prompted for on the remote machine as in login(1). To avoid some security problems, the .k5login file must be owned by the remote user. If there is some problem in marshaling the Kerberos authen- tication information, an error message is printed and the standard UCB rlogin is executed in place of the Kerberos rlogin. A line of the form ``~.'' disconnects from the remote host, where ``~'' is the escape character. Similarly, the line ``~^Z'' (where ^Z, control-Z, is the suspend character) will suspend the rlogin session. Substitution of the delayed- suspend character (normally ^Y) for the suspend character suspends the send portion of the rlogin, but allows output from the remote system. The remote terminal type is the same as your local terminal type (as given in your environment TERM variable), unless the -t option is specified (see below). The terminal or window size is also copied to the remote system if the server supports the option, and changes in size are reflected as well. All echoing takes place at the remote site, so that (except for delays) the rlogin is transparent. Flow control via ^S and ^Q and flushing of input and output on interrupts are handled properly. OPTIONS -8 allows an eight-bit input data path at all times; oth- erwise parity bits are stripped except when the remote side's stop and start characters are other than ^S/^Q. Eight-bit mode is the default. -L allows the rlogin session to be run in litout mode. -ec sets the escape character to c. There is no space separating this option flag and the new escape charac- ter. -c require confirmation before disconnecting via ``~.'' -a force the remote machine to ask for a password by send- ing a null local username. This option has no effect unless the standard UCB rlogin is executed in place of the Kerberos rlogin (see above). -f | --forward forward a copy of the local credentials to the remote system. --noforward disables ticket forwarding. This is useful for over- riding the application defaults in the host's krb5.conf(5) file. -F | --forwardable forward a forwardable copy of the local credentials to the remote system. --Forwardable forward a forwardable copy of the local credentials to the remote system. --noforwardable makes any forwarded tickets non-forwardable. This is useful for overriding the application defaults in the host's krb5.conf(5) file. --noForwardable makes any forwarded tickets non-forwardable. This is useful for overriding the application defaults in the host's krb5.conf(5) file. -t termtype replace the terminal type passed to the remote host with termtype. -n prevent suspension of rlogin via ``~^Z'' or ``~^Y''. -7 force seven-bit transmissions. -d turn on socket debugging (via setsockopt(2)) on the TCP sockets used for communication with the remote host. --noflow force transmission of flow control characters (^S/^Q) to the remote system. -k request rlogin to obtain tickets for the remote host in realm realm instead of the remote host's realm as determined by krb_realmofhost(3). -x | --encrypt turn on DES encryption for all data passed via the rlo- gin session. This significantly reduces response time and significantly increases CPU utilization. --noencrypt disables encryption. This is useful for overriding the application defaults in the host's krb5.conf(5) file. --version Prints out the KerbNet release version of the binary and then exits. CONFIGURATION The following defaults may be specified in the [appdefaults] or [realms] section of the krb5.conf(5) file: forwardable Whether or not any forwarded tickets should be forwardable. Takes a boolean argument. forward Whether or not to forward tickets to the remote host. Takes a boolean argument. encrypt Whether or not to encrypt the data stream. Takes a boolean argument. For example: [appdefaults] rlogin = { forwardable = true forward = true encrypt = true } [realms] FUBAR.ORG = { rlogin = { forward = false } } SEE ALSO rsh(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3), k5login(5), krb5.conf(5), rlogin(1) [UCB version] FILES /etc/krb5.conf file containing local host's Kerberos V5 configuration information 7 ~/.k5login (on remote host) - file containing Kerberos principals that are allowed access. BUGS More of the environment should be propagated.