summaryrefslogtreecommitdiff
path: root/usr.bin/rsh/rsh.1
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin/rsh/rsh.1')
-rw-r--r--usr.bin/rsh/rsh.149
1 files changed, 42 insertions, 7 deletions
diff --git a/usr.bin/rsh/rsh.1 b/usr.bin/rsh/rsh.1
index 14e0207a634..2a3cc23ead0 100644
--- a/usr.bin/rsh/rsh.1
+++ b/usr.bin/rsh/rsh.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: rsh.1,v 1.10 2001/06/23 23:15:37 hin Exp $
+.\" $OpenBSD: rsh.1,v 1.11 2002/05/06 22:50:03 millert Exp $
.\"
.\" Copyright (c) 1983, 1990 The Regents of the University of California.
.\" All rights reserved.
@@ -53,6 +53,14 @@ executes
on
.Ar hostname .
.Pp
+.Em Note:
+.Nm
+has been deprecated in favor of
+.Xr ssh 1 .
+Use of
+.Nm
+is discouraged due to the inherent insecurity of host-based authentication.
+.Pp
.Nm
copies its standard input to the remote command, the standard
output of the remote command to its standard output, and the
@@ -62,6 +70,12 @@ command;
.Nm
normally terminates when the remote command does.
.Pp
+.Nm
+first attempts to use the Kerberos authorization mechanism, described below.
+If the remote host does not support Kerberos the standard Berkeley
+.Pa rhosts
+authorization mechanism is used.
+.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl K
@@ -84,9 +98,6 @@ By default, the remote username is the same as the local username.
The
.Fl l
option allows the remote name to be specified.
-Kerberos authentication is used, and authorization is determined
-as in
-.Xr rlogin 1 .
.It Fl n
Redirect input from the special device
.Pa /dev/null
@@ -98,7 +109,10 @@ section of this manual page).
If no
.Ar command
is specified, you will be logged in on the remote host using
-.Xr rlogin 1 .
+.Nm rlogin
+if it exists on the system or
+.Xr telnet 1
+if not.
.Pp
If
.Nm
@@ -131,12 +145,33 @@ to
.\" directory /usr/hosts.
.\" If this directory is included in your search path, you can use the
.\" shorthand ``host command'' for the longer form ``rsh host command''.
+.Sh KERBEROS AUTHENTICATION
+If Kerberos is configured on the system, each user may have a private
+authorization list in the file
+.Pa .klogin
+in their home directory.
+Each line in this file should contain a Kerberos principal name of the form
+.Ar principal.instance@realm .
+If the originating user is authenticated to one of the principals named in
+.Pa .klogin ,
+access is granted to the account.
+The principal
+.Ar accountname.@localrealm
+is granted access if there is no
+.Pa .klogin
+file.
+Otherwise a login and password will be prompted for on the remote machine
+as in
+.Xr login 1 .
+To avoid certain security problems, the
+.Pa .klogin
+file must be owned by the remote user.
.Sh FILES
.Bl -tag -width /etc/hosts -compact
.It Pa /etc/hosts
.El
.Sh SEE ALSO
-.Xr rlogin 1 ,
+.Xr telnet 1 ,
.Xr kerberos 3 ,
.Xr krb_realmofhost 3 ,
.Xr krb_sendauth 3 ,
@@ -169,7 +204,7 @@ or
using
.Nm rsh ;
use
-.Xr rlogin 1
+.Xr telnet 1
instead.
.Pp
Stop signals stop the local