version 1.13, 2003/06/03 02:56:15 |
version 1.14, 2003/07/25 09:49:02 |
|
|
.Nd remote shell |
.Nd remote shell |
.Sh SYNOPSIS |
.Sh SYNOPSIS |
.Nm rsh |
.Nm rsh |
.Op Fl Kdnx |
.Op Fl dn |
.Op Fl k Ar realm |
|
.Op Fl l Ar username |
.Op Fl l Ar username |
.Ar hostname |
.Ar hostname |
.Op Ar command |
.Op Ar command |
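Review bot: In the synopsis, `.Op Fl Kdnx` becomes `.Op Fl dn`, which drops `x` as well as `K`, yet the option list shown in this diff only has the `.It Fl K` and `.It Fl k` entries being removed. Please check the part of the list that is not shown here and remove any remaining `.It Fl x` entry, so that the synopsis and the option list agree.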
|
|
.Nm |
.Nm |
normally terminates when the remote command does. |
normally terminates when the remote command does. |
.Pp |
.Pp |
.Nm |
|
first attempts to use the Kerberos authorization mechanism, described below. |
|
If the remote host does not support Kerberos the standard Berkeley |
|
.Pa rhosts |
|
authorization mechanism is used. |
|
.Pp |
|
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl K |
|
Disable all Kerberos authentication. |
|
.It Fl d |
.It Fl d |
Enable socket debugging (using |
Enable socket debugging (using |
.Xr setsockopt 2 ) |
.Xr setsockopt 2 ) |
on the |
on the |
.Tn TCP |
.Tn TCP |
sockets used for communication with the remote host. |
sockets used for communication with the remote host. |
.It Fl k |
|
Causes |
|
.Nm |
|
to obtain tickets for the remote host in |
|
.Ar realm |
|
instead of the remote host's realm as determined by |
|
.Xr krb_realmofhost 3 . |
|
.It Fl l |
.It Fl l |
By default, the remote username is the same as the local username. |
By default, the remote username is the same as the local username. |
The |
The |
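Review bot: The paragraph removed after "normally terminates when the remote command does." was the only visible place that names the `.Pa rhosts` authorization mechanism, so after this change the description no longer says how the remote host decides to accept the user. Instead of deleting the whole paragraph, keep one sentence stating that the standard Berkeley rhosts authorization mechanism is used. Removing the `.It Fl K` and `.It Fl k` entries is consistent with the synopsis change.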
|
|
.\" directory /usr/hosts. |
.\" directory /usr/hosts. |
.\" If this directory is included in your search path, you can use the |
.\" If this directory is included in your search path, you can use the |
.\" shorthand ``host command'' for the longer form ``rsh host command''. |
.\" shorthand ``host command'' for the longer form ``rsh host command''. |
.Sh KERBEROS AUTHENTICATION |
|
If Kerberos is configured on the system, each user may have a private |
|
authorization list in the file |
|
.Pa .klogin |
|
in their home directory. |
|
Each line in this file should contain a Kerberos principal name of the form |
|
.Ar principal.instance@realm . |
|
If the originating user is authenticated to one of the principals named in |
|
.Pa .klogin , |
|
access is granted to the account. |
|
The principal |
|
.Ar accountname.@localrealm |
|
is granted access if there is no |
|
.Pa .klogin |
|
file. |
|
Otherwise a login and password will be prompted for on the remote machine |
|
as in |
|
.Xr login 1 . |
|
To avoid certain security problems, the |
|
.Pa .klogin |
|
file must be owned by the remote user. |
|
.Sh FILES |
.Sh FILES |
.Bl -tag -width /etc/hosts -compact |
.Bl -tag -width /etc/hosts -compact |
.It Pa /etc/hosts |
.It Pa /etc/hosts |
.El |
.El |
.Sh SEE ALSO |
.Sh SEE ALSO |
.Xr telnet 1 , |
.Xr telnet 1 , |
.Xr kerberos 3 , |
|
.Xr krb_realmofhost 3 , |
|
.Xr krb_sendauth 3 , |
|
.Xr rcmd 3 |
.Xr rcmd 3 |
.Sh HISTORY |
.Sh HISTORY |
The |
The |
|
|
.Nm |
.Nm |
process only; this is arguably wrong, but currently hard to fix for reasons |
process only; this is arguably wrong, but currently hard to fix for reasons |
too complicated to explain here. |
too complicated to explain here. |
.Pp |
|
.Nm |
|
does not currently support encryption of the datastream when Kerberos |
|
authentication is used. |
|
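Review bot: The removed sentence at the end of this section was scoped to Kerberos ("does not currently support encryption of the datastream when Kerberos authentication is used"), and with it gone the visible text no longer mentions encryption at all. Dropping Kerberos support does not add encryption, so I would reword the sentence to say that the data stream is not encrypted rather than delete it. The preceding `.Pp` can then stay.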