rlogin(1) 맨 페이지 - 윈디하나의 솔라나라

개요

섹션
맨페이지이름
검색(S)

rlogin(1)

Name
     rlogin - remote login

Synopsis
     rlogin [-8EL] [-ec ] [-A] [-K] [-x] [-PN | -PO] [-f | -F] [-a]
          [-l username] [-k realm] hostname

Description
     The rlogin utility establishes a remote login  session  from
     your terminal to the remote machine named hostname. The user
     can choose to kerberize the rlogin session using Kerberos V5
     and also protect the data being transferred.


     Hostnames are listed in the hosts  database,  which  can  be
     contained  in  the  /etc/hosts file, the Network Information
     Service (NIS) hosts map, the Internet domain name server, or
     a combination of these. Each host has one official name (the
     first name in the database entry),  and  optionally  one  or
     more  nicknames.  Either official hostnames or nicknames can
     be specified in hostname.


     The user can opt for a secure rlogin session which uses Ker-
     beros  V5 for authentication. Encryption of the session data
     is also possible. The rlogin session can be kerberized using
     any  of  the following Kerberos specific options: -A, -PN or
     -PO, -x, -f or -F, and -k realm. Some of these options  (-A,
     -x,  -PN  or -PO, and -f or -F) can also be specified in the
     [appdefaults] section of krb5.conf(4). The  usage  of  these
     options  and  the  expected  behavior  is  discussed  in the
     OPTIONS section below. If Kerberos authentication  is  used,
     authorization  to the account is controlled through rules in
     krb5_auth_rules(5). If this authorization fails, fallback to
     normal  rlogin using rhosts occurs only if the -PO option is
     used explicitly on the  command  line  or  is  specified  in
     krb5.conf(4). Also notice that the -PN or -PO, -x, -f or -F,
     and -k realm options are just supersets of the -A option.


     The remote terminal type is the same as your local  terminal
     type, as given in your environment TERM variable. The termi-
     nal or window size is also copied to the  remote  system  if
     the   server  supports  the  option.  Changes  in  size  are
     reflected as well. All echoing takes  place  at  the  remote
     site,  so that (except for delays) the remote login is tran-
     sparent. Flow control  using  Control-S  and  Control-Q  and
     flushing of input and output on interrupts are handled prop-
     erly.

Options
     The following options are supported:

     -8
                    Passes eight-bit data across the net  instead
                    of seven-bit data.


     -a
                    Forces the remote machine to ask for a  pass-
                    word by sending a null local username.


     -A
                    Explicitly  enables  Kerberos  authentication
                    and  trusts  the  .k5login  file  for access-
                    control.  If  the  authorization   check   by
                    in.rlogind(1M)  on  the  server-side succeeds
                    and if the .k5login file permits access,  the
                    user  is allowed to login without supplying a
                    password.


     -ec
                    Specifies a different  escape  character,  c,
                    for  the  line  used  to  disconnect from the
                    remote host.


     -E
                    Stops any character from being recognized  as
                    an escape character.


     -f
                    Forwards a  copy  of  the  local  credentials
                    (Kerberos  Ticket  Granting  Ticket)  to  the
                    remote  system.  This  is  a  non-forwardable
                    ticket  granting  ticket.  You must forward a
                    ticket granting ticket if you need to authen-
                    ticate  yourself  to other Kerberized network
                    services on the remote host. An example is if
                    your home directory on the remote host is NFS
                    mounted  via  Kerberos  V5.  If  your   local
                    credentials  are  not forwarded in this case,
                    you can not access your home directory.  This
                    option  is  mutually  exclusive  with  the -F
                    option.


     -F
                    Forwards a  forwardable  copy  of  the  local
                    credentials (Kerberos Ticket Granting Ticket)
                    to the remote system. The -F option  provides
                    a  superset  of  the functionality offered by
                    the -f  option.  For  example,  with  the  -f
                    option,  after  you  connected  to the remote
                    host, any  attempt  to  invoke  /usr/bin/ftp,
                    /usr/bin/telnet,      /usr/bin/rlogin,     or
                    /usr/bin/rsh with the -f or -F options  would
                    fail.  Thus, you would be unable to push your
                    single network sign on trust beyond one  sys-
                    tem.  This  option is mutually exclusive with
                    the -f option.


     -k realm
                    Causes  rlogin  to  obtain  tickets  for  the
                    remote  host  in  realm instead of the remote
                    host's realm as determined by krb5.conf(4).


     -K
                    This  option  explicitly  disables   Kerberos
                    authentication.  It  can  be used to override
                    the autologin variable in krb5.conf(4).


     -l username
                    Specifies a different username for the remote
                    login.  If  you  do  not use this option, the
                    remote username used  is  the  same  as  your
                    local username.


     -L
                    Allows  the  rlogin  session  to  be  run  in
                    "litout" mode.


     -PN
     -PO
                    Explicitly requests the new (-PN) or  old  (-
                    PO)  version of the Kerberos `rcmd' protocol.
                    The new protocol avoids many  security  prob-
                    lems  prevalant  in  the  old one and is con-
                    sidered much more secure, but is not interop-
                    erable with older (MIT/SEAM) servers. The new
                    protocol is used by  default,  unless  expli-
                    citly  specified  using  these  options or by
                    using krb5.conf(4). If Kerberos authorization
                    fails  when  using  the  old `rcmd' protocol,
                    there is fallback to regular,  non-kerberized
                    rlogin.  This  is  not the case when the new,
                    more secure `rcmd' protocol is used.


     -x
                    Turns on DES encryption for all  data  passed
                    through  the  rlogin  session.  This  reduces
                    response time and increases CPU utilization.


  Escape Sequences
     Lines that you type which start with the tilde character (~)
     are  "escape sequences." The escape character can be changed
     using the -e option.
     ~.
               Disconnects from the remote host. This is not  the
               same  as  a  logout, because the local host breaks
               the connection with no warning to the remote end.


     ~susp
               Suspends the login session, but only  if  you  are
               using  a  shell  with  Job  Control.  susp is your
               "suspend"  character,   usually   Control-Z.   See
               tty(1).


     ~dsusp
               Suspends the input half of the login,  but  output
               is  still able to be seen (only if you are using a
               shell with Job Control). dsusp is  your  "deferred
               suspend" character, usually Control-Y. See tty(1).

Operands
     hostname
                 The remote machine on which  rlogin  establishes
                 the remote login session.

Usage
     For the kerberized rlogin session,  each  user  can  have  a
     private  authorization list in a file, .k5login, in his home
     directory. Each line in this file should contain a  Kerberos
     principal  name  of  the  form  principal/instance@realm. If
     there is a ~/.k5login file, access is granted to the account
     if  and only if the originating user is authenticated to one
     of the principals named in the ~/.k5login  file.  Otherwise,
     the originating user is granted access to the account if and
     only if the authenticated principal name of the user can  be
     mapped  to  the  local account name using the authenticated-
     principal-name  ->  local-user-name   mapping   rules.   The
     .k5login file (for access control) comes into play only when
     Kerberos authentication is being done.


     For the non-secure rlogin session, each remote  machine  can
     have  a  file  named  /etc/hosts.equiv  containing a list of
     trusted host names with which it shares  user  names.  Users
     with the same user name on both the local and remote machine
     can rlogin from the machines listed in the remote  machine's
     /etc/hosts.equiv  file without supplying a password. Indivi-
     dual users camayn set up a similar private equivalence  list
     with  the  file .rhosts in their home directories. Each line
     in this file contains two names, that is, a host name and  a
     user name, separated by a space. An entry in a remote user's
     .rhosts file permits the user named username who  is  logged
     into  hostname to log in to the remote machine as the remote
     user without supplying a password. If the name of the  local
     host is not found in the /etc/hosts.equiv file on the remote
     machine, and the local user name and host name are not found
     in  the  remote user's .rhosts file, then the remote machine
     prompts  for  a  password.  Host   names   listed   in   the
     /etc/hosts.equiv and .rhosts files must be the official host
     names listed in the hosts database.  Nicknames  can  not  be
     used in either of these files.


     For security reasons, the .rhosts  file  must  be  owned  by
     either the remote user or by root.

Files
     /etc/passwd
                            Contains  information  about   users'
                            accounts.


     /usr/hosts/*
                            For hostname version of the command.


     /etc/hosts.equiv
                            List of trusted hostnames with shared
                            user names.


     /etc/nologin
                            Message displayed to users attempting
                            to login during machine shutdown.


     $HOME/.rhosts
                            Private     list      of   trusted
                            hostname/username combinations.


     $HOME/.k5login
                            File containing  Kerberos  principals
                            that are allowed access.


     /etc/krb5/krb5.conf
                            Kerberos configuration file.


     /etc/hosts
                            Hosts database.

Attributes
     See attributes(5) for descriptions of the  following  attri-
     butes:



     tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i)  ATTRI-
     BUTE             TYPEATTRIBUTE            VALUE            _
     Availabilityservice/network/network-clients

See Also
     rsh(1),   stty(1),   tty(1),    in.rlogind(1M),    hosts(4),
     hosts.equiv(4),   krb5.conf(4),  nologin(4),  attributes(5),
     krb5_auth_rules(5)

Diagnostics
     The following message indicates that the machine is  in  the
     process of being shutdown and logins have been disabled:

       NO LOGINS: System going down in N minutes

Notes
     When a system is listed in hosts.equiv, its security must be
     as  good  as  local  security. One insecure system listed in
     hosts.equiv can compromise the security of the  entire  sys-
     tem.


     The Network Information Service (NIS) was formerly known  as
     Sun  Yellow Pages (YP.) The functionality of the two remains
     the same. Only the name has changed.


     This implementation can only use the TCP network service.
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.
RSS ATOM XHTML 5 CSS3