NAME
     rlogin - remote login

SYNOPSIS
     rlogin  rhost  [-ec]  [-8]  [-c]  [  -a]  [-f  |  --forward]
     [--noforward] [-F | --forwardable] [--noforwardable] [--For-
     wardable] [--noForwardable] [-t termtype] [-n] [-7] [-d] [-k
     realm]  [-x  |  --encrypt] [--noencrypt] [--noflow] [-L] [-l
     username] [--version]

DESCRIPTION
     Rlogin connects your terminal on the current local host sys-
     tem lhost to the remote host system rhost.

     The version built to use  Kerberos  authentication  is  very
     similar  to  the  standard  Berkeley  rlogin(1), except that
     instead of the rhosts mechanism, it uses Kerberos  authenti-
     cation  to  determine  the  authorization  to  use  a remote
     account.

     Each user may have a private authorization list  in  a  file
     .k5login  in  his  login  directory.  Each line in this file
     should  contain  a  Kerberos  principal  name  of  the  form
     principal/instance@realm.    If   the  originating  user  is
     authenticated to one of the principals  named  in  .k5login,
     access  is granted to the account.  If there is no /.k5login
     file, the principal will be granted access  to  the  account
     according   to   the   aname->lname   mapping  rules.   (See
     krb5_anadd(8) for more  details.)   Otherwise  a  login  and
     password  will  be  prompted for on the remote machine as in
     login(1).  To avoid some  security  problems,  the  .k5login
     file must be owned by the remote user.

     If there is some problem in marshaling the Kerberos  authen-
     tication  information,  an  error message is printed and the
     standard UCB rlogin is executed in  place  of  the  Kerberos
     rlogin.

     A line of the form ``~.'' disconnects from the remote  host,
     where  ``~''  is  the escape character.  Similarly, the line
     ``~^Z'' (where ^Z, control-Z, is the suspend character) will
     suspend  the  rlogin  session.  Substitution of the delayed-
     suspend character (normally ^Y) for  the  suspend  character
     suspends  the  send portion of the rlogin, but allows output
     from the remote system.

     The remote terminal type is the same as your local  terminal
     type  (as  given  in your environment TERM variable), unless
     the -t option is specified (see  below).   The  terminal  or
     window  size  is  also  copied  to  the remote system if the
     server  supports  the  option,  and  changes  in  size   are
     reflected as well.
     All echoing takes place at the remote site, so that  (except
     for  delays) the rlogin is transparent.  Flow control via ^S
     and ^Q and flushing of input and output  on  interrupts  are
     handled properly.

OPTIONS
     -8   allows an eight-bit input data path at all times;  oth-
          erwise  parity bits are stripped except when the remote
          side's stop and start characters are other than  ^S/^Q.
          Eight-bit mode is the default.

     -L   allows the rlogin session to be run in litout mode.

     -ec  sets the escape character to  c.   There  is  no  space
          separating  this option flag and the new escape charac-
          ter.

     -c   require confirmation before disconnecting via ``~.''

     -a   force the remote machine to ask for a password by send-
          ing  a  null local username.  This option has no effect
          unless the standard UCB rlogin is executed in place  of
          the Kerberos rlogin (see above).

     -f | --forward
          forward a copy of the local credentials to  the  remote
          system.

     --noforward
          disables ticket forwarding.  This is useful  for  over-
          riding   the   application   defaults   in  the  host's
          krb5.conf(5) file.

     -F | --forwardable
          forward a forwardable copy of the local credentials  to
          the remote system.

     --Forwardable
          forward a forwardable copy of the local credentials  to
          the remote system.

     --noforwardable
          makes any forwarded tickets non-forwardable.   This  is
          useful  for  overriding the application defaults in the
          host's krb5.conf(5) file.

     --noForwardable
          makes any forwarded tickets non-forwardable.   This  is
          useful  for  overriding the application defaults in the
          host's krb5.conf(5) file.

     -t termtype
          replace the terminal type passed  to  the  remote  host
          with termtype.

     -n   prevent suspension of rlogin via ``~^Z'' or ``~^Y''.

     -7   force seven-bit transmissions.

     -d   turn on socket debugging (via setsockopt(2)) on the TCP
          sockets used for communication with the remote host.

     --noflow
          force transmission of flow control  characters  (^S/^Q)
          to the remote system.

     -k   request rlogin to obtain tickets for the remote host in
          realm  realm  instead  of  the  remote  host's realm as
          determined by krb_realmofhost(3).

     -x | --encrypt
          turn on DES encryption for all data passed via the rlo-
          gin  session.  This significantly reduces response time
          and significantly increases CPU utilization.

     --noencrypt
          disables encryption.  This is useful for overriding the
          application defaults in the host's krb5.conf(5) file.

     --version
          Prints out the KerbNet release version  of  the  binary
          and then exits.

CONFIGURATION
     The following defaults may be specified in the [appdefaults]
     or [realms] section of the krb5.conf(5) file:

     forwardable     Whether or not any forwarded tickets  should
                     be forwardable.  Takes a boolean argument.

     forward         Whether or not to  forward  tickets  to  the
                     remote host.  Takes a boolean argument.

     encrypt         Whether or not to encrypt the  data  stream.
                     Takes a boolean argument.

     For example:

               [appdefaults]
                   rlogin = {
                       forwardable = true
                       forward = true
                       encrypt = true
                   }

               [realms]
                   FUBAR.ORG = {
                       rlogin = {
                           forward = false
                       }
                   }


SEE ALSO
     rsh(1),  kerberos(3),  krb_sendauth(3),  krb_realmofhost(3),
     k5login(5), krb5.conf(5), rlogin(1) [UCB version]

FILES
     /etc/krb5.conf  file containing  local  host's  Kerberos  V5
                     configuration information
7
     ~/.k5login      (on remote host) - file containing  Kerberos
                     principals that are allowed access.

BUGS
     More of the environment should be propagated.