Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ rlogin(1C) — CX/UX 6.20

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

rsh(1C)

login(1)

rlogin(1C)

NAME

rlogin − remote login

SYNOPSIS

rlogin rhost [ −ec ] [ −8 ] [ −L ] [ −l [ security flags ] username ]
rhost [ −ec ] [ −8 ] [ −L ] [ −l [ security flags ] username ]

DESCRIPTION

rlogin connects your terminal on the current local host system lhost to the remote host system rhost. 

Each host has a file /etc/hosts.equiv which contains a list of rhost’s with which it shares account names.  (The host names must be the standard names as described in rsh(1C).)  When you rlogin as the same user on an equivalent host, you don’t need to give a password.  Each user may also have a private equivalence list in a file .rhosts in his login directory.  Each line in this file should contain an rhost and a username separated by a space, giving additional cases where logins without passwords are to be permitted.  If the originating user is not equivalent to the remote user, then a login and password will be prompted for on the remote machine as in login(1).  To avoid some security problems, the .rhosts file must be owned by either the remote user or root. 

The remote terminal type is the same as your local terminal type (as given in your environment TERM variable).  All echoing takes place at the remote site, so that (except for delays) the rlogin is transparent.  Flow control via ^S and ^Q and flushing of input and output on interrupts are handled properly.  The optional argument −8 allows an eight-bit input data path at all times; otherwise parity bits are stripped except when the remote side’s stop and start characters are other than ^S/^Q.  The argument −L allows the rlogin session to be run in litout (8 bit output) mode.  A line of the form “~.” disconnects from the remote host, where “~” is the escape character.  Similarly, the line “~^Z” (where ^Z, control-Z, is the suspend character) will suspend the rlogin session.  Substitution of the delayed-suspend character (normally ^Y) for the suspend character suspends the send portion of the rlogin, but allows output from the remote system.  A different escape character may be specified by the −e option.  There is no space separating this option flag and the argument character. 

SECURITY FEATURES

The following security features are available only with CX/SX. 

On a CX/SX system, auto-login is disabled.  The user must always give a password. 

rlogin will accept various flags before the user name if the system is configured to B1 security.  These flags are accepted in the −l flag argument and at the "login:" prompt.  When these flags are used in the −l flag argument, the entire argument must be quoted.  The flags and user name take the form:

          [-p] [-v|d] [-b label|-l level
          |-a priv] [-g grp] username

The security flags are:

-l -b requests that the session start with an initial classification level of level, or an initial classification label of label.  The classification can be specified in human readable or canonical form as defined in labels(1SX) and libmls(3SX). 

-g requests that the session start with the user operating in group grp at the user’s default classification level. 

-a requests that the session start with an initial privilege (label + group) of priv.  The privilege name is essentially an alias for a given label within a given group.  For example:   rlogin rhost -l "-l secret,nato,crypto -g demo cwf" may be equivalent to:  rlogin rhost -l "-a demox cwf" if the owner of group demo chooses. 

-d -v when used in conjunction with -l, -h, -a, or -g, reset the default login privilege (level and group) to the privilege selected for this session.  The default privilege is the default level and group selected by login if no arguments are provided requesting a level or group change.  The default is stored as the login GID in the password file (passwd(4)). 

-p invokes passwd(1) via a trusted path.  This guarantees that the user is talking to the trusted password command, not some Trojan Horse pretending to be passwd.  A trusted path to passwd is as critical as a trusted path to login since a user must reveal his/her password to both.

If the local system is running LAN/SX then the user’s current security label must match a label that is allowed on the network.  The site administrator chooses which labels are allowed on the network.  If the user’s current label is not allowed, the error message "Permission denied" is displayed. 

If the remote system is running LAN/SX then the security label for the rlogin session must be equal to the usr’s current security label.  By default rlogin will use the correct label for the session.  If desired, users can change the discretionary group with the -g or -a options.  (Note that the -a option will only accept a privilege at the correct security label.)  The -l and -b options will be ineffective.  If the user attempts to specify an invalid security label for the session the error message Requested security label not equal to current label will be displayed. 

SEE ALSO

rsh(1C), login(1)

FILES

/usr/hosts/∗for rhost version of the command

BUGS

More of the environment should be propagated. 

CX/UX Networking

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026