rlogin(8sec) — Maintenance
NAME
rlogin − Perform a remote login
SYNOPSIS
rlogin [-8EFKLdfx] [-e char] [-l username] host
OPTIONS
-8Allows an 8-bit input data path at all times. Without the -8 option, parity bits are not stripped if the remote side stop and start characters are ^S/^Q; if they are not ^S/^Q, parity bits are stripped.
-EStops any character from being recognized as an escape character. When used with the -8 option, this provides a completely transparent connection.
-FForwards the local credentials to the remote system, and marks the remote credentials as Forwardable, allowing them to be forwarded from there to another remote system.
-K Turns off all Kerberos authentication. If you specify this option, the command prompts for a password. The entered password is sent across the network in cleartext.
-LAllows the rlogin session to be run in litout mode. (See tty(4).)
-dTurns on socket debugging for the TCP sockets used to communicate with the remote host. (See setsockopt(2).)
-eAllows users to specify the escape character. The escape character can be specified as literal or as an octal value in the form \\*Vnnn.
-fForwards the local credentials to the remote system, and marks the remote credentials as non-forwardable. The credentials cannot be forwarded from there to another remote system.
-lAllows the remote username to be specified. By default, the remote username is the same as the local username.
-xTurns on DES encryption for all data passed via the rlogin session. DES encryption may impact response time and CPU utilization, but it provides increased security. This option is subject to export control.
DESCRIPTION
The rlogin command starts a terminal session on the remote host. The command first attempts to use the Kerberos V5 protocol to authenticate to the remote host. If the authentication is successful, user authorization is performed as described in Kerberos Authorization below. After a successful authentication, the user is not required to enter a password and, therefore, the password is not sent over the network in cleartext. If the remote host does not support Kerberos, the command uses the standard Berkeley rhosts authorization mechanism.
Escape Characters
Unless another escape character is specified with the -e option, the ~ (tilde) is the escape character. Normally control-Y (^Y) is the delayed-suspend character. Use the escape character to
•Disconnect from the remote host by entering a line in the form e. (where e indicates the escape character)
•Suspend the rlogin session by entering a line in the form e^Z (where e indicates the escape character)
•Suspend the send portion of the rlogin session, but allow output from the remote system by entering a line in the form e delayed-suspend character (where e indicates the escape character)
Echoing
All echoing takes place at the remote site, so that (except for delays) the rlogin is transparent. Flow control via ^S/^Q and flushing of input and output on interrupts are handled properly.
Kerberos Authorization
In order for Kerberos V5 authorization to succeed, the remote account must exist in the remote systems password file. If the local principal is using the -l option to log into a remote account with a name that differs from the principal’s local account name, either one of the following conditions must be true:
•A .k5login file containing the local principal’s name, in the form principal@realm, must exist in the remote account’s home directory. The remote account user must be the owner of the .k5login file and the only name granted write permission. In other words, the file’s permissions must be -rw-r--r--.
•A Kerberos V5 authorization name database file must exist on the remote system. This file must contain the name of the local principal and map the principal to an account on the remote system.
If the -l option is not being used, that is, the local principal is logging into a remote account (in the same realm) with the same name as the principal’s local name, neither of the above conditions are required to be met.
If Kerberos authentication fails, a warning message is printed, and the standard Berkeley rlogin is used.
ENVIRONMENT
The following environment variable is utilized by rlogin:
TERMDetermines the user’s terminal type.
DIAGNOSTICS
Diagnostics can occur from both the local and remote hosts. Those that occur on the local host before the connection is completely established are written to standard error. Once the connection is established, any error messages from the remote host are written to standard output, like any other data.
login/tcp: Unknown service
warning, can’t get entry for servicename/tcp service
The rlogin command could not find the login service listed in the /etc/services database file.
unknown user id
The rlogin command could not find your user ID in the password file.
system call:...
An error occurred when rlogin attempted the indicated system call. See the appropriate manual entry for information about the error.
kcmd to host hostname failed - error message
An error occurred during Kerberos authentication. The Kerberos-specific error message will be displayed.
warning, using standard rlogin: can’t provide Kerberos auth data.
Kerberos authentication failed and the host is retrying using the standard Berkeley rhosts authorization mechanism.
RELATED INFORMATION
Commands: rsh(8sec), rlogind(8sec)
Files: .k5login