PreviousNext

rlogin(8sec)

Performs a remote login

Synopsis

rlogin[-8EFKLdfx ] [-e char] [-l username] host

Options

-8
Allows an 8-bit input data path at all times. Without the -8 option, parity bits are not stripped if the remote side stop and start characters are^S/^Q; if they are not ^S/^Q, parity bits are stripped.

-E
Stops any character from being recognized as an escape character. When used with the -8 option, this provides a completely transparent connection.

-F
Forwards the local credentials to the remote system, and marks the remote credentials as Forwardable, allowing them to be forwarded from there to another remote system.

-K
Turns off all Kerberos authentication. If you specify this option, the command prompts for a password. The entered password is sent across the network in cleartext.

-L
Allows the rlogin session to be run in litout mode. See tty(4).

-d
Turns on socket debugging for the TCP sockets used to communicate with the remote host. See setsockopt(2).

-e
Allows users to specify the escape character. The escape character can be specified as literal or as an octal value in the form \nnn.

-f
Forwards the local credentials to the remote system, and marks the remote credentials as non-forwardable. The credentials cannot be forwarded from there to another remote system.

-l
Allows the remote username to be specified. By default, the remote username is the same as the local username.

-x
Turns on DES encryption for all data passed via the rlogin session. DES encryption may impact response time and CPU utilization, but it provides increased security. This option is subject to export control.

Description

The rlogin command starts a terminal session on the remote host. The command first attempts to use the Kerberos V5 protocol to authenticate to the remote host. If the authentication is successful, user authorization is performed as described in Kerberos Authorization below. After a successful authentication, the user is not required to enter a password and, therefore, the password is not sent over the network in cleartext. If the remote host does not support Kerberos, the command uses the standard Berkeley rhosts authorization mechanism.

Escape Characters

Unless another escape character is specified with the -e option, the ~ (tilde) is the escape character. Normally, control-Y (^Y) is the delayed-suspend character. Use the escape character to:

· Disconnect from the remote host by entering a line in the form e (where e indicates the escape character).

· Suspend the rlogin session by entering a line in the form e^Z (where e indicates the escape character).

· Suspend the send portion of the rlogin session, but allow output from the remote system by entering a line in the form e delayed-suspend character (where e indicates the escape character).

Echoing

All echoing takes place at the remote site, so that (except for delays) the rlogin is transparent. Flow control via ^S/^Q and flushing of input and output on interrupts are handled properly.

Kerberos Authorization

In order for Kerberos V5 authorization to succeed, the remote account must exist in the remote systems password file. If the local principal is using the -l option to log into a remote account with a name that differs from the principals local account name, either on of the following conditions must be true:

· A .k5login file containing the local principals name, in the form principal @realm, must exist in the remote accounts home directory. The remote account user must be the owner of the .k5login file and the only name granted write permission. In other words, the files permissions must be -rw-r-r.

· A Kerberos V5 authorization name database file must exist on the remote system.. This file must contain the name of the local principal and map the principal to an account on the remote system.

If the -l option is not being used, that is, the local principal is logging into a remote account (in the same realm) with the same name as the principals local name, neither of the above conditions are required to be met.

If Kerberos authentication fails, a warning message is printed, and the standard Berkeley rlogin is used.

Environment

The following environment variable is utilized by rlogin:

Term
Determines the users terminal type.

Diagnostics

Diagnostics can occur from both the local and remote hosts. Those that occur on the local host before the connection is completely established are written to standard error. Once the connection is established, any error messages from the remote host are written to standard output, like any other data.

login/tcp:
Unknown service

warning, cant get entry for servicename/tcp service
The rlogin command could not find the login service listed in the /etc/services database file.

unknown user id
The rlogin command could not find your user ID in the password file.

system call:...
An error occurred when rlogin attempted the indicated system call. See the appropriate manual entry for information about the error.

kcmd to host hostname failed - error message
An error occurred during Kerberos authentication. The Kerberos-specific error message will be displayed.

warning, using standard rlogin: cant provide Kerberos auth data.
Kerberos authentication failed and the host is retrying using the standard Berkeley rhosts authorization mechanism.

Related Information

Commands:

rsh(8sec)

rlogind(8sec)

Files: .k5login