author | Todd C. Miller <millert@cvs.openbsd.org> | 2002-05-06 22:50:04 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2002-05-06 22:50:04 +0000 |
commit | 154addb3da6885ecb37cb205b3ffacc95b7028b2 (patch) | |
tree | 7228d1503bfbaae62200a7200dc010f9a0d7ee2f /usr.bin | |
parent | ebd30222733d9f6ed61368c916e801da99581599 (diff) |
rlogin is gone but rsh remains (though its use is discouraged).
If someone uses the 'rsh foo' form and there is no rlogin installed,
use telnet instead.
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/rsh/pathnames.h | 4 | ||||
-rw-r--r-- | usr.bin/rsh/rsh.1 | 49 | ||||
-rw-r--r-- | usr.bin/rsh/rsh.c | 17 |
3 files changed, 56 insertions, 14 deletions
diff --git a/usr.bin/rsh/pathnames.h b/usr.bin/rsh/pathnames.h index 2c6550ce4a4..e23c6152dec 100644 --- a/usr.bin/rsh/pathnames.h +++ b/usr.bin/rsh/pathnames.h @@ -1,4 +1,5 @@ -/* * $OpenBSD: pathnames.h,v 1.2 1996/06/26 05:38:48 deraadt Exp $*/ +/* $OpenBSD: pathnames.h,v 1.3 2002/05/06 22:50:03 millert Exp $ */ + /* * Copyright (c) 1989 The Regents of the University of California. * All rights reserved. @@ -35,3 +36,4 @@ */ #define _PATH_RLOGIN "/usr/bin/rlogin" +#define _PATH_TELNET "/usr/bin/telnet" diff --git a/usr.bin/rsh/rsh.1 b/usr.bin/rsh/rsh.1 index 14e0207a634..2a3cc23ead0 100644 --- a/usr.bin/rsh/rsh.1 +++ b/usr.bin/rsh/rsh.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rsh.1,v 1.10 2001/06/23 23:15:37 hin Exp $ +.\" $OpenBSD: rsh.1,v 1.11 2002/05/06 22:50:03 millert Exp $ .\" .\" Copyright (c) 1983, 1990 The Regents of the University of California. .\" All rights reserved. @@ -53,6 +53,14 @@ executes on .Ar hostname . .Pp +.Em Note: +.Nm +has been deprecated in favor of +.Xr ssh 1 . +Use of +.Nm +is discouraged due to the inherent insecurity of host-based authentication. +.Pp .Nm copies its standard input to the remote command, the standard output of the remote command to its standard output, and the @@ -62,6 +70,12 @@ command; .Nm normally terminates when the remote command does. .Pp +.Nm +first attempts to use the Kerberos authorization mechanism, described below. +If the remote host does not support Kerberos the standard Berkeley +.Pa rhosts +authorization mechanism is used. +.Pp The options are as follows: .Bl -tag -width Ds .It Fl K @@ -84,9 +98,6 @@ By default, the remote username is the same as the local username. The .Fl l option allows the remote name to be specified. -Kerberos authentication is used, and authorization is determined -as in -.Xr rlogin 1 . .It Fl n Redirect input from the special device .Pa /dev/null 
@@ -98,7 +109,10 @@ section of this manual page). If no .Ar command is specified, you will be logged in on the remote host using -.Xr rlogin 1 . +.Nm rlogin +if it exists on the system or +.Xr telnet 1 +if not. .Pp If .Nm @@ -131,12 +145,33 @@ to .\" directory /usr/hosts. .\" If this directory is included in your search path, you can use the .\" shorthand ``host command'' for the longer form ``rsh host command''. +.Sh KERBEROS AUTHENTICATION +If Kerberos is configured on the system, each user may have a private +authorization list in the file +.Pa .klogin +in their home directory. +Each line in this file should contain a Kerberos principal name of the form +.Ar principal.instance@realm . +If the originating user is authenticated to one of the principals named in +.Pa .klogin , +access is granted to the account. +The principal +.Ar accountname.@localrealm +is granted access if there is no +.Pa .klogin +file. +Otherwise a login and password will be prompted for on the remote machine +as in +.Xr login 1 . +To avoid certain security problems, the +.Pa .klogin +file must be owned by the remote user. .Sh FILES .Bl -tag -width /etc/hosts -compact .It Pa /etc/hosts .El .Sh SEE ALSO -.Xr rlogin 1 , +.Xr telnet 1 , .Xr kerberos 3 , .Xr krb_realmofhost 3 , .Xr krb_sendauth 3 , @@ -169,7 +204,7 @@ or using .Nm rsh ; use -.Xr rlogin 1 +.Xr telnet 1 instead. .Pp Stop signals stop the local diff --git a/usr.bin/rsh/rsh.c b/usr.bin/rsh/rsh.c index 64b3bf31b55..4e390b43049 100644 --- a/usr.bin/rsh/rsh.c +++ b/usr.bin/rsh/rsh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsh.c,v 1.25 2002/02/19 19:39:39 millert Exp $ */ +/* $OpenBSD: rsh.c,v 1.26 2002/05/06 22:50:03 millert Exp $ */ /*- * Copyright (c) 1983, 1990 The Regents of the University of California. 
@@ -41,7 +41,7 @@ char copyright[] =
 #ifndef lint
 /*static char sccsid[] = "from: @(#)rsh.c 5.24 (Berkeley) 7/1/91";*/
-static char rcsid[] = "$OpenBSD: rsh.c,v 1.25 2002/02/19 19:39:39 millert Exp $";
+static char rcsid[] = "$OpenBSD: rsh.c,v 1.26 2002/05/06 22:50:03 millert Exp $";
 #endif /* not lint */
 #include <sys/types.h>
@@ -173,14 +173,19 @@ main(argc, argv)
 if (!host && !(host = argv[optind++]))
 usage();
- /* if no further arguments, must have been called as rlogin. */
+ /* if no command, login to remote host via rlogin or telnet. */
 if (!argv[optind]) {
- if (asrsh)
- *argv = "rlogin";
 seteuid(getuid());
 setuid(getuid());
+ if (asrsh)
+ *argv = "rlogin";
 execv(_PATH_RLOGIN, argv);
- (void)fprintf(stderr, "rsh: can't exec %s.\n", _PATH_RLOGIN);
+ if (errno == ENOENT) {
+ if (asrsh)
+ *argv = "telnet";
+ execv(_PATH_TELNET, argv);
+ }
+ (void)fprintf(stderr, "rsh: can't exec %s.\n", _PATH_TELNET);
 exit(1);
 }
|
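Review bot: The return values of `seteuid(getuid())` and `setuid(getuid())` are ignored ahead of both `execv()` calls in the `!argv[optind]` branch, so a failed privilege drop would go unnoticed and the login client (now telnet as well as rlogin) would start under whatever effective uid rsh had. A guard such as `if (seteuid(getuid()) == -1 || setuid(getuid()) == -1) { perror("rsh"); exit(1); }` before the first exec would close that. The final `fprintf` also always names `_PATH_TELNET`, so when the rlogin exec fails with anything other than ENOENT (EACCES, for instance) the message blames telnet although telnet was never tried; reporting the path that actually failed, together with `strerror(errno)`, would make the failure diagnosable. The already-parsed rsh option letters are handed to telnet unchanged in `argv`, and it looks worth confirming against telnet(1) that each keeps a compatible meaning there. The body of main() continues outside this hunk.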