=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/rsh/Attic/rsh.1,v retrieving revision 1.13 retrieving revision 1.14 diff -c -r1.13 -r1.14 *** src/usr.bin/rsh/Attic/rsh.1 2003/06/03 02:56:15 1.13 --- src/usr.bin/rsh/Attic/rsh.1 2003/07/25 09:49:02 1.14 *************** *** 1,4 **** ! .\" $OpenBSD: rsh.1,v 1.13 2003/06/03 02:56:15 millert Exp $ .\" .\" Copyright (c) 1983, 1990 The Regents of the University of California. .\" All rights reserved. --- 1,4 ---- ! .\" $OpenBSD: rsh.1,v 1.14 2003/07/25 09:49:02 jmc Exp $ .\" .\" Copyright (c) 1983, 1990 The Regents of the University of California. .\" All rights reserved. *************** *** 37,44 **** .Nd remote shell .Sh SYNOPSIS .Nm rsh ! .Op Fl Kdnx ! .Op Fl k Ar realm .Op Fl l Ar username .Ar hostname .Op Ar command --- 37,43 ---- .Nd remote shell .Sh SYNOPSIS .Nm rsh ! .Op Fl dn .Op Fl l Ar username .Ar hostname .Op Ar command *************** *** 66,94 **** .Nm normally terminates when the remote command does. .Pp - .Nm - first attempts to use the Kerberos authorization mechanism, described below. - If the remote host does not support Kerberos the standard Berkeley - .Pa rhosts - authorization mechanism is used. - .Pp The options are as follows: .Bl -tag -width Ds - .It Fl K - Disable all Kerberos authentication. .It Fl d Enable socket debugging (using .Xr setsockopt 2 ) on the .Tn TCP sockets used for communication with the remote host. - .It Fl k - Causes - .Nm - to obtain tickets for the remote host in - .Ar realm - instead of the remote host's realm as determined by - .Xr krb_realmofhost 3 . .It Fl l By default, the remote username is the same as the local username. The --- 65,78 ---- *************** *** 141,176 **** .\" directory /usr/hosts. .\" If this directory is included in your search path, you can use the .\" shorthand ``host command'' for the longer form ``rsh host command''. - .Sh KERBEROS AUTHENTICATION - If Kerberos is configured on the system, each user may have a private - authorization list in the file - .Pa .klogin - in their home directory. - Each line in this file should contain a Kerberos principal name of the form - .Ar principal.instance@realm . - If the originating user is authenticated to one of the principals named in - .Pa .klogin , - access is granted to the account. - The principal - .Ar accountname.@localrealm - is granted access if there is no - .Pa .klogin - file. - Otherwise a login and password will be prompted for on the remote machine - as in - .Xr login 1 . - To avoid certain security problems, the - .Pa .klogin - file must be owned by the remote user. .Sh FILES .Bl -tag -width /etc/hosts -compact .It Pa /etc/hosts .El .Sh SEE ALSO .Xr telnet 1 , - .Xr kerberos 3 , - .Xr krb_realmofhost 3 , - .Xr krb_sendauth 3 , .Xr rcmd 3 .Sh HISTORY The --- 125,136 ---- *************** *** 207,213 **** .Nm process only; this is arguably wrong, but currently hard to fix for reasons too complicated to explain here. - .Pp - .Nm - does not currently support encryption of the datastream when Kerberos - authentication is used. --- 167,169 ----