RLOGIN(1) User Commands RLOGIN(1)
rlogin - remote login
rlogin [-8EL] [-ec] [-A] [-K] [-x] [-PN | -PO] [-f | -F] [-a] [-l username] [-k realm] hostname
The rlogin utility establishes a remote login session from your terminal to the remote machine named hostname. The user can choose to kerberize the rlogin session using Kerberos V5 and also protect the data being transferred.
Hostnames are listed in the hosts database, which can be contained in the /etc/hosts file, the Network Information Service (NIS) hosts map, the Internet domain name server, or a combination of these. Each host has one official name (the first name in the database entry), and optionally one or more nicknames. Either official hostnames or nicknames can be specified in hostname.
The user can opt for a secure rlogin session which uses Kerberos V5 for authentication. Encryption of the session data is also possible. The rlogin session can be kerberized using any of the following Kerberos-specific options: -A, -PN or -PO, -x, -f or -F, and -k realm. Some of these options (-A, -x, -PN or -PO, and -f or -F) can also be specified in the [appdefaults] section of krb5.conf(5). The usage of these options and the expected behavior are discussed in the OPTIONS section below. If Kerberos authentication is used, authorization to the account is controlled through rules in krb5_auth_rules(7). If this authorization fails, fallback to normal rlogin using rhosts occurs only if the -PO option is used explicitly on the command line or is specified in krb5.conf(5). Note also that the -PN or -PO, -x, -f or -F, and -k realm options are supersets of the -A option.
The remote terminal type is the same as your local terminal type, as given in your environment TERM variable. The terminal or window size is also copied to the remote system if the server supports the option. Changes in size are reflected as well. All echoing takes place at the remote site, so that (except for delays) the remote login is transparent. Flow control using Control-S and Control-Q and flushing of input and output on interrupts are handled properly.
The following options are supported:
-8
-a
-A
-ec
-E
-f
-F
-k realm
-K
-l username
-L
-PN
-PO
-x
Lines that you type which start with the tilde character (~) are "escape sequences." The escape character can be changed using the -e option.
~.
~susp
~dsusp
hostname
For the kerberized rlogin session, each user can have a private authorization list in a file, .k5login, in his home directory. Each line in this file should contain a Kerberos principal name of the form principal/instance@realm. If there is a ~/.k5login file, access is granted to the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file. Otherwise, the originating user is granted access to the account if and only if the authenticated principal name of the user can be mapped to the local account name using the authenticated-principal-name → local-user-name mapping rules. The .k5login file (for access control) comes into play only when Kerberos authentication is being done.
For the non-secure rlogin session, each remote machine can have a file named /etc/hosts.equiv containing a list of trusted host names with which it shares user names. Users with the same user name on both the local and remote machine can rlogin from the machines listed in the remote machine's /etc/hosts.equiv file without supplying a password. Individual users may set up a similar private equivalence list with the file .rhosts in their home directories. Each line in this file contains two names, that is, a host name and a user name, separated by a space. An entry in a remote user's .rhosts file permits the user named username who is logged into hostname to log in to the remote machine as the remote user without supplying a password. If the name of the local host is not found in the /etc/hosts.equiv file on the remote machine, and the local user name and host name are not found in the remote user's .rhosts file, then the remote machine prompts for a password. Host names listed in the /etc/hosts.equiv and .rhosts files must be the official host names listed in the hosts database. Nicknames cannot be used in either of these files.
For security reasons, the .rhosts file must be owned by either the remote user or by root.
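The hosts.equiv and .rhosts rules above, written out as a small decision model for reviewing trust entries. This is an added example, not part of the original manual page and not in.rlogind's code; it follows only the rules stated on this page, and the host names, user names, uids and function names are constructed.

```python
# Added example: models the hosts.equiv/.rhosts rules as this page states
# them. Not in.rlogind's code; all names and sample data are constructed.

HOSTS_DB = {"alpha.example.com": {"alpha"},   # official name -> nicknames
            "beta.example.com": {"beta"}}
HOSTS_EQUIV = "alpha.example.com\n"
RHOSTS = "beta.example.com carol\nalpha dave\n"  # 2nd entry uses a nickname


def parse_hosts_equiv(text):
    """Trusted host names, one per line; blank lines are skipped."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def parse_rhosts(text):
    """(hostname, username) pairs; lines without both fields are ignored."""
    pairs = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2:
            pairs.add((fields[0], fields[1]))
    return pairs


def rhosts_owner_ok(file_uid, account_uid):
    """The .rhosts file must be owned by the remote user or by root (uid 0)."""
    return file_uid in (account_uid, 0)


def nickname_entries(hosts, hosts_db):
    """Entries that are nicknames, not official names, so they never match."""
    nicknames = set().union(*hosts_db.values())
    return sorted(h for h in hosts if h in nicknames)


def password_required(client_host, client_user, remote_user,
                      hosts_equiv, rhosts, rhosts_uid, remote_uid):
    """True if the remote machine would prompt for a password.

    client_host is the caller's official host name from the hosts database.
    """
    if client_host in parse_hosts_equiv(hosts_equiv) and client_user == remote_user:
        return False  # trusted host, same user name on both machines
    if rhosts_owner_ok(rhosts_uid, remote_uid) and \
            (client_host, client_user) in parse_rhosts(rhosts):
        return False  # entry in the remote user's private equivalence list
    return True
```

Running nickname_entries over the host column of a .rhosts file shows entries that can never grant access; every remaining entry is a host whose security the account depends on.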
/etc/passwd
/usr/hosts/*
/etc/hosts.equiv
/etc/nologin
$HOME/.rhosts
$HOME/.k5login
/etc/krb5/krb5.conf
/etc/hosts
rsh(1), stty(1), tty(1), hosts(5), hosts.equiv(5), krb5.conf(5), nologin(5), attributes(7), krb5_auth_rules(7), in.rlogind(8)
The following message indicates that the machine is in the process of being shut down and logins have been disabled:
NO LOGINS: System going down in N minutes
When a system is listed in hosts.equiv, its security must be as good as local security. One insecure system listed in hosts.equiv can compromise the security of the entire system.
The Network Information Service (NIS) was formerly known as Sun Yellow Pages (YP). The functionality of the two remains the same. Only the name has changed.
This implementation can only use the TCP network service.
September 12, 2020 OmniOS