User Commands rlogin(1)
NAME
rlogin - remote login
SYNOPSIS
rlogin [-8EL] [-ec ] [-A] [-K] [-x] [-PN | -PO] [-f | -F] [-a]
[-l username] [-k realm] hostname
DESCRIPTION
The rlogin utility establishes a remote login session from
your terminal to the remote machine named hostname. The usercan choose to kerberize the rlogin session using Kerberos V5
and also protect the data being transferred. Hostnames are listed in the hosts database, which can be contained in the /etc/hosts file, the Network Information Service (NIS) hosts map, the Internet domain name server, or a combination of these. Each host has one official name (the first name in the database entry), and optionally one or more nicknames. Either official hostnames or nicknames can be specified in hostname.The user can opt for a secure rlogin session which uses Ker-
beros V5 for authentication. Encryption of the session datais also possible. The rlogin session can be kerberized using
any of the following Kerberos specific options: -A, -PN or
-PO, -x, -f or -F, and -k realm. Some of these options (-A,
-x, -PN or -PO, and -f or -F) can also be specified in the
[appdefaults] section of krb5.conf(4). The usage of these options and the expected behavior is discussed in the OPTIONS section below. If Kerberos authentication is used, authorization to the account is controlled through rules inkrb5_auth_rules(5). If this authorization fails, fallback to
normal rlogin using rhosts occurs only if the -PO option is
used explicitly on the command line or is specified inkrb5.conf(4). Also notice that the -PN or -PO, -x, -f or -F,
and -k realm options are just supersets of the -A option.
The remote terminal type is the same as your local terminaltype, as given in your environment TERM variable. The termi-
nal or window size is also copied to the remote system if the server supports the option. Changes in size are reflected as well. All echoing takes place at the remotesite, so that (except for delays) the remote login is tran-
sparent. Flow control using Control-S and Control-Q and
flushing of input and output on interrupts are handled prop-
erly.SunOS 5.11 Last change: 1 Apr 2010 1
User Commands rlogin(1)
OPTIONS The following options are supported:-8 Passes eight-bit data across the net instead
of seven-bit data.
-a Forces the remote machine to ask for a pass-
word by sending a null local username.-A Explicitly enables Kerberos authentication
and trusts the .k5login file for access-
control. If the authorization check byin.rlogind(1M) on the server-side succeeds
and if the .k5login file permits access, the user is allowed to login without supplying a password.-ec Specifies a different escape character, c,
for the line used to disconnect from the remote host.-E Stops any character from being recognized as
an escape character.-f Forwards a copy of the local credentials
(Kerberos Ticket Granting Ticket) to theremote system. This is a non-forwardable
ticket granting ticket. You must forward aticket granting ticket if you need to authen-
ticate yourself to other Kerberized network services on the remote host. An example is if your home directory on the remote host is NFS mounted via Kerberos V5. If your local credentials are not forwarded in this case, you can not access your home directory. Thisoption is mutually exclusive with the -F
option.-F Forwards a forwardable copy of the local
credentials (Kerberos Ticket Granting Ticket)to the remote system. The -F option provides
a superset of the functionality offered bythe -f option. For example, with the -f
option, after you connected to the remote host, any attempt to invoke /usr/bin/ftp,/usr/bin/telnet, /usr/bin/rlogin, or
SunOS 5.11 Last change: 1 Apr 2010 2
User Commands rlogin(1)
/usr/bin/rsh with the -f or -F options would
fail. Thus, you would be unable to push yoursingle network sign on trust beyond one sys-
tem. This option is mutually exclusive withthe -f option.
-k realm Causes rlogin to obtain tickets for the
remote host in realm instead of the remote host's realm as determined by krb5.conf(4).-K This option explicitly disables Kerberos
authentication. It can be used to override the autologin variable in krb5.conf(4).-l username Specifies a different username for the remote
login. If you do not use this option, the remote username used is the same as your local username.-L Allows the rlogin session to be run in
"litout" mode.-PN Explicitly requests the new (-PN) or old (-
-PO PO) version of the Kerberos `rcmd' protocol.
The new protocol avoids many security prob-
lems prevalant in the old one and is con-
sidered much more secure, but is not interop-
erable with older (MIT/SEAM) servers. The new
protocol is used by default, unless expli-
citly specified using these options or by using krb5.conf(4). If Kerberos authorization fails when using the old `rcmd' protocol,there is fallback to regular, non-kerberized
rlogin. This is not the case when the new,
more secure `rcmd' protocol is used.-x Turns on DES encryption for all data passed
through the rlogin session. This reduces
response time and increases CPU utilization. Escape Sequences Lines that you type which start with the tilde character (~) are "escape sequences." The escape character can be changedusing the -e option.
SunOS 5.11 Last change: 1 Apr 2010 3
User Commands rlogin(1)
~. Disconnects from the remote host. This is not the same as a logout, because the local host breaks the connection with no warning to the remote end. ~susp Suspends the login session, but only if you are using a shell with Job Control. susp is your"suspend" character, usually Control-Z. See
tty(1). ~dsusp Suspends the input half of the login, but output is still able to be seen (only if you are using a shell with Job Control). dsusp is your "deferredsuspend" character, usually Control-Y. See tty(1).
OPERANDShostname The remote machine on which rlogin establishes
the remote login session.USAGE
For the kerberized rlogin session, each user can have a
private authorization list in a file, .k5login, in his home directory. Each line in this file should contain a Kerberos principal name of the form principal/instance@realm. If there is a ~/.k5login file, access is granted to the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file. Otherwise, the originating user is granted access to the account if and only if the authenticated principal name of the user can bemapped to the local account name using the authenticated-
principal-name -> local-user-name mapping rules. The
.k5login file (for access control) comes into play only when Kerberos authentication is being done.For the non-secure rlogin session, each remote machine can
have a file named /etc/hosts.equiv containing a list of trusted host names with which it shares user names. Users with the same user name on both the local and remote machinecan rlogin from the machines listed in the remote machine's
/etc/hosts.equiv file without supplying a password. Indivi-
dual users camayn set up a similar private equivalence list with the file .rhosts in their home directories. Each line in this file contains two names, that is, a host name and a user name, separated by a space. An entry in a remote user's .rhosts file permits the user named username who is logged into hostname to log in to the remote machine as the remote user without supplying a password. If the name of the local host is not found in the /etc/hosts.equiv file on the remoteSunOS 5.11 Last change: 1 Apr 2010 4
User Commands rlogin(1)
machine, and the local user name and host name are not found in the remote user's .rhosts file, then the remote machine prompts for a password. Host names listed in the /etc/hosts.equiv and .rhosts files must be the official host names listed in the hosts database. Nicknames can not be used in either of these files. For security reasons, the .rhosts file must be owned by either the remote user or by root. FILES /etc/passwd Contains information about users' accounts. /usr/hosts/* For hostname version of the command. /etc/hosts.equiv List of trusted hostnames with shared user names. /etc/nologin Message displayed to users attempting to login during machine shutdown.$HOME/.rhosts Private list of trusted
hostname/username combinations.$HOME/.k5login File containing Kerberos principals
that are allowed access. /etc/krb5/krb5.conf Kerberos configuration file. /etc/hosts Hosts database.ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:SunOS 5.11 Last change: 1 Apr 2010 5
User Commands rlogin(1)
_______________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|________________________________|
| Availability | service/network/network-clients|
|_____________________________|________________________________|
SEE ALSO
rsh(1), stty(1), tty(1), in.rlogind(1M), hosts(4),
hosts.equiv(4), krb5.conf(4), nologin(4), attributes(5),krb5_auth_rules(5)
DIAGNOSTICS The following message indicates that the machine is in the process of being shutdown and logins have been disabled: NO LOGINS: System going down in N minutes NOTES When a system is listed in hosts.equiv, its security must be as good as local security. One insecure system listed inhosts.equiv can compromise the security of the entire sys-
tem. The Network Information Service (NIS) was formerly known as Sun Yellow Pages (YP.) The functionality of the two remains the same. Only the name has changed. This implementation can only use the TCP network service.SunOS 5.11 Last change: 1 Apr 2010 6