NAME
     rsh - remote shell

SYNOPSIS
     rsh host [-l username] [-n] [-d] [-k realm] [-f |  --forward
     |   -F   |   --forwardable]   [--Forwardable]  [--noforward]
     [--noforwardable]   [--noForwardable]   [-x   |   --encrypt]
     [--noencrypt] [--noflow] [fB/-/-version] command

DESCRIPTION
     Rsh connects to the specified host, and executes the  speci-
     fied  command.   Rsh copies its standard input to the remote
     command, the standard output of the remote  command  to  its
     standard  output,  and the standard error of the remote com-
     mand to its standard error.  This implementation of rsh will
     accept  any  port for the standard error stream.  Interrupt,
     quit and terminate signals are propagated to the remote com-
     mand; rsh normally terminates when the remote command does.

     Each user may have a private authorization list  in  a  file
     .k5login  in  his  login  directory.  Each line in this file
     should  contain  a  Kerberos  principal  name  of  the  form
     principal/instance@realm.   If  there  is a ~/.k5login file,
     then access is granted to the account if  and  only  if  the
     originater  user  is  authenticated to one of the princiapls
     named in the ~/.k5login file.   Otherwise,  the  originating
     user  will  be  granted access to the account if and only if
     the authenticated principal name of the user can  be  mapped
     to  the  local account name using the aname -> lname mapping
     rules (see krb5_anadd(8) for more details).

OPTIONS
     -l username
          sets the remote username to username.   Otherwise,  the
          remote username will be the same as the local username.

     -x | --encrypt
          causes the network session traffic to be encrypted.

     --noencrypt
          disables encryption.  This is useful for overriding the
          application defaults in the host's krb5.conf(5) file.

     -f | --forward
          The -f and --forward options cause Kerberos credentials
          to  be  forwarded  to the remote machine for use by the
          specified command.  They will be removed  when  command
          finishes.   This  option is mutually exclusive with the
          -F or --forwardable options.

     -F | --forwardable , --Forwardable
          The -F ,  --forwardable  ,  and  --Forwardable  options
          cause  forwardable Kerberos credentials to be forwarded
          to the remote machine for use by the specified command.
          They  will  be  removed  when  command  finishes.  This
          option is mutually exclusive with the -f  or  --forward
          options.

     --noforward
          disables ticket forwarding.  This is useful  for  over-
          riding   the   application   defaults   in  the  host's
          krb5.conf(5) file.

     --noforwardable
          The --noforwardable , and --noForwardable options  make
          any  forwarded tickets non-forwardable.  This is useful
          for overriding the application defaults in  the  host's
          krb5.conf(5) file.

     -krealm
          causes rsh to obtain tickets for  the  remote  host  in
          realm  instead of the remote host's realm as determined
          by krb_realmofhost(3).

     -d   turns on socket debugging (via  setsockopt(2))  on  the
          TCP  sockets  used  for  communication  with the remote
          host.

     -n   redirects input from the special device /dev/null  (see
          the BUGS section below).

     --noflow
          If rsh causes you to be logged  into  the  remote  host
          using rlogin(1), this option passes the --noflow option
          to rlogin.

     If you omit command, then instead of executing a single com-
     mand,  you  will  be logged in on the remote host using rlo-
     gin(1).

     Shell metacharacters which are not quoted are interpreted on
     the  local  machine,  while quoted metacharacters are inter-
     preted on the remote machine.  Thus the command

        rsh otherhost cat remotefile >> localfile

     appends the remote file remotefile to the local file  local-
     file, while

        rsh otherhost cat remotefile ">>" otherremotefile

     appends remotefile to otherremotefile.

exits.
     Prints out the KerbNet release version of  the  binary  and  then

CONFIGURATION
     The following defaults may be specified in the [appdefaults]
     or [realms] section of the krb5.conf(5) file:

     forwardable     Whether or not any forwarded tickets  should
                     be forwardable.  Takes a boolean argument.

     forward         Whether or not to  forward  tickets  to  the
                     remote host.  Takes a boolean argument.

     encrypt         Whether or not to encrypt the  data  stream.
                     Takes a boolean argument.

     For example:

               [appdefaults]
                   rsh = {
                       forwardable = true
                       forward = true
                       encrypt = true
                   }
               [realms]
                   FUBAR.ORG = {
                       rsh = {
                           forward = false
                       }
                   }


FILES
     /etc/hosts
7
     /etc/krb5.conf  file containing  local  host's  Kerberos  V5
                     configuration information
7
     ~/.k5login      (on remote host) - file containing  Kerberos
                     principals that are allowed access.

SEE ALSO
     rlogin(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3),
     k5login(5), krb5.conf(5)

BUGS
     If you are using csh(1) and put a rsh(1) in  the  background
     without  redirecting  its  input  away from the terminal, it
     will block even if no reads are posted by  the  remote  com-
     mand.   If no input is desired you should redirect the input
     of rsh to /dev/null using the -n option.

     You cannot run an  interactive  command  (like  rogue(6)  or


     Stop signals stop the local rsh process only; this is  argu-
     ably  wrong,  but currently hard to fix for reasons too com-
     plicated to explain here.