|
Hopefully, this page is exactly what you are looking for, but if not, you can always find further assistance on Unix/Linux Forum!
User Commands rlogin(1)
NAME
rlogin - remote login
SYNOPSIS
rlogin [-8EL] [-ec ] [-A] [-x] [-PN | -PO] [-f | -F] [-a]
[-l username] [-k realm] hostname
DESCRIPTION
The rlogin utility establishes a remote login session from
your terminal to the remote machine named hostname. The user
can choose to kerberize the rlogin session using Kerberos V5
and also protect the data being transferred.
Hostnames are listed in the hosts database, which may be
contained in the /etc/hosts and /etc/inet/ipnodes files, the
Network Information Service (NIS) hosts map, the Internet
domain name server, or a combination of these. Each host has
one official name (the first name in the database entry),
and optionally one or more nicknames. Either official host-
names or nicknames may be specified in hostname.
The user can opt for a secure rlogin session which uses Ker-
beros V5 for authentication. Encryption of the session data
is also possible. The rlogin session can be kerberized using
any of the following Kerberos specific options: -A, -PN or
-PO, -x, -f or -F, and -k realm. Some of these options (-x,
-PNor -PO, and -f or -F) can also be specified in the
[appdefaults] section of krb5.conf(4). The usage of these
options and the expected behavior is discussed in the
OPTIONS section below. If Kerberos authentication is used,
authorization to the account is controlled through rules in
krb5_auth_rules(5). If this authorization fails, fallback to
normal rlogin using rhosts will occur only if the -PO option
is used explicitly on the command line or is specified in
krb5.conf(4). Also notice that the -PN or -PO, -x, -f or -F,
and -k realm options are just supersets of the -A option.
The remote terminal type is the same as your local terminal
type, as given in your environment TERM variable. The termi-
nal or window size is also copied to the remote system if
the server supports the option. Changes in size are
reflected as well. All echoing takes place at the remote
site, so that (except for delays) the remote login is tran-
sparent. Flow control using <Control-S> and <Control-Q> and
flushing of input and output on interrupts are handled prop-
erly.
OPTIONS
The following options are supported:
-8 Passes eight-bit data across the net instead
of seven-bit data.
SunOS 5.10 Last change: 16 Dec 2004 1
User Commands rlogin(1)
-a Forces the remote machine to ask for a pass-
word by sending a null local username.
-A Explicitly enables Kerberos authentication
and trusts the .k5login file for access-
control. If the authorization check by
in.rlogind(1M) on the server-side succeeds
and if the .k5login file permits access, the
user is allowed to login without supplying a
password.
-ec Specifies a different escape character, c,
for the line used to disconnect from the
remote host.
-E Stops any character from being recognized as
an escape character.
-f Forwards a copy of the local credentials
(Kerberos Ticket Granting Ticket) to the
remote system. This is a non-forwardable
ticket granting ticket. You must forward a
ticket granting ticket if you need to
authenticate yourself to other Kerberized
network services on the remote host. An
example is if your home directory on the
remote host is NFS mounted via Kerberos V5.
If your local credentials are not forwarded
in this case, you will not be able to access
your home directory. This option is mutually
exclusive with the -F option.
-F Forwards a forwardable copy of the local
credentials (Kerberos Ticket Granting
Ticket) to the remote system. The -F option
provides a superset of the functionality
offered by the -f option. For example, with
the -f option, after you connected to the
remote host, any attempt to invoke
/usr/bin/ftp, /usr/bin/telnet,
/usr/bin/rlogin, or /usr/bin/rsh with the -f
or -F options would fail. Thus, you would be
SunOS 5.10 Last change: 16 Dec 2004 2
User Commands rlogin(1)
unable to push your single network sign on
trust beyond one system. This option is
mutually exclusive with the -f option.
-k realm Causes rlogin to obtain tickets for the
remote host in realm instead of the remote
host's realm as determined by krb5.conf(4).
-l username Specifies a different username for the
remote login. If you do not use this option,
the remote username used is the same as your
local username.
-L Allows the rlogin session to be run in
"litout" mode.
-PN Explicitly requests the new (-PN) or old (-
-PO PO) version of the Kerberos `rcmd' protocol.
The new protocol avoids many security prob-
lems prevalant in the old one and is con-
sidered much more secure, but is not
interoperable with older (MIT/SEAM) servers.
The new protocol is used by default, unless
explicitly specified using these options or
by using krb5.conf(4). If Kerberos authori-
zation fails when using the old `rcmd' pro-
tocol, there is fallback to regular, non-
kerberized rlogin. This is not the case when
the new, more secure `rcmd' protocol is
used.
-x Turns on DES encryption for all data passed
through the rlogin session. This reduces
response time and increases CPU utilization.
Escape Sequences
Lines that you type which start with the tilde character (~)
are "escape sequences." The escape character can be changed
using the -e option.
SunOS 5.10 Last change: 16 Dec 2004 3
User Commands rlogin(1)
~. Disconnects from the remote host. This is
not the same as a logout, because the local
host breaks the connection with no warning
to the remote end.
~susp Suspends the login session, but only if you
are using a shell with Job Control. susp is
your "suspend" character, usually Control-Z.
See tty(1).
~dsusp Suspends the input half of the login, but
output will still be seen (only if you are
using a shell with Job Control). dsusp is
your "deferred suspend" character, usually
Control-Y. See tty(1).
OPERANDS
hostname The remote machine on which rlogin estab-
lishes the remote login session.
USAGE
For the kerberized rlogin session, each user may have a
private authorization list in a file, .k5login, in his home
directory. Each line in this file should contain a Kerberos
principal name of the form principal/instance@realm. If
there is a ~/.k5login file, access is granted to the account
if and only if the originating user is authenticated to
one of the principals named in the ~/.k5login file. Other-
wise, the originating user will be granted access to the
account if and only if the authenticated principal name of
the user can be mapped to the local account name using the
authenticated-principal-name -> local-user-name mapping
rules. The .k5login file (for access control) comes into
play only when Kerberos authentication is being done.
For the non-secure rlogin session, each remote machine may
have a file named /etc/hosts.equiv containing a list of
trusted host names with which it shares user names. Users
with the same user name on both the local and remote machine
may rlogin from the machines listed in the remote machine's
/etc/hosts.equiv file without supplying a password. Indivi-
dual users may set up a similar private equivalence list
with the file .rhosts in their home directories. Each line
in this file contains two names, that is, a host name and a
SunOS 5.10 Last change: 16 Dec 2004 4
User Commands rlogin(1)
user name, separated by a space. An entry in a remote user's
.rhosts file permits the user named username who is logged
into hostname to log in to the remote machine as the remote
user without supplying a password. If the name of the local
host is not found in the /etc/hosts.equiv file on the remote
machine, and the local user name and host name are not found
in the remote user's .rhosts file, then the remote machine
will prompt for a password. Host names listed in the
/etc/hosts.equiv and .rhosts files must be the official host
names listed in the hosts database. Nicknames may not be
used in either of these files.
For security reasons, the .rhosts file must be owned by
either the remote user or by root.
FILES
/etc/passwd Contains information about users'
accounts.
/usr/hosts/* For hostname version of the command.
/etc/hosts.equiv List of trusted hostnames with
shared user names.
/etc/nologin Message displayed to users attempt-
ing to login during machine shut-
down.
$HOME/.rhosts Private list of trusted
hostname/username combinations.
$HOME/.k5login File containing Kerberos principals
that are allowed access.
/etc/krb5/krb5.conf Kerberos configuration file.
/etc/hosts Hosts database.
SunOS 5.10 Last change: 16 Dec 2004 5
User Commands rlogin(1)
/etc/inet/ipnodes Hosts database.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWrcmdc |
|_____________________________|_____________________________|
SEE ALSO
rsh(1), stty(1), tty(1), in.rlogind(1M),
hosts(4),hosts.equiv(4), ipnodes(4), krb5.conf(4), nolo-
gin(4), attributes(5), krb5_auth_rules(5)
DIAGNOSTICS
The following message indicates that the machine is in the
process of being shutdown and logins have been disabled:
NO LOGINS: System going down in N minutes
NOTES
When a system is listed in hosts.equiv, its security must be
as good as local security. One insecure system listed in
hosts.equiv can compromise the security of the entire sys-
tem.
The Network Information Service (NIS) was formerly known as
Sun Yellow Pages (YP.) The functionality of the two remains
the same. Only the name has changed.
This implementation can only use the TCP network service.
SunOS 5.10 Last change: 16 Dec 2004 6
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Wed Sep 12 11:25:20 GMT 2007
|
Your favourite pages:
No pages logged yet.
Trying to save cookie... Top 10 most popular pages:
CPAN man page (4290 hits)
(Suse Linux 10.1)
ssh man page (4160 hits)
(Suse Linux 10.1)
adv_cap_autoneg man page (3470 hits)
(Solaris 10 11_06)
sqlite3 man page (3370 hits)
(openSUSE 10.2)
svn man page (3036 hits)
(FreeBSD 6.2)
startproc man page (1856 hits)
(Suse Linux 10.1)
pprosetup man page (1576 hits)
(Solaris 10 11_06)
signal man page (1541 hits)
(Suse Linux 10.1)
netcat man page (1508 hits)
(Suse Linux 10.1)
ssh-socks5-proxy-connect man page (1450 hits)
(Solaris 10 11_06)
|
Man Pages 
