klogin(1)
NAME
- klogin, ktelnet - Kerberos rlogin or telnet with v4 ticket
- forwarding
SYNOPSIS
klogin [-AfhTVvx] [-l username] [rlogin options] host
[port]
ktelnet [-AfhVvx] [-l username] [telnet options] host
[port]
DESCRIPTION
- klogin forwards your Kerberos ticket-granting ticket to
- the machine host using kftgt(1) and then connects to that machine
- using Kerberos rlogin. If invoked with the -T option or as
- ktelnet, it uses Kerberos telnet instead, and also takes an op
- tional port argument to connect to a non-standard port.
- By default, klogin always uses encryption (the -x option
- to rlogin or telnet) and always forwards forwardable Kerberos v5
- tickets (the -F option). When invoking telnet, klogin always
- passes the -a flag to tell telnet to automatically log on to the
- remote system.
- You can also give klogin any options supported by either
- telnet or rlogin and then will be passed to telnet or rlogin as
- appropriate. Note, however, that the -a option to telnet isn't
- recognized because klogin always uses -a when using telnet, and
- the meanings of the -f, -F, and -x flags are reversed (see be
- low).
- The host given to klogin is put through a forward and then
- reverse DNS lookup before being used, to resolve any CNAMEs to
- their canonical hosts and to handle load-balanced hosts or hosts
- with multiple A records.
OPTIONS
- -f Don't forward tickets to the remote host. This both
- tells klogin not to run kftgt(1) and tells it not to pass either
- -f or -F to rlogin or telnet so that Kerberos v5 tickets won't be
- forwarded.
- -F Don't forward forwardable Kerberos v5 tickets. This
- tells klogin to pass the -f option to telnet or rlogin rather
- than -F. Kerberos v4 tickets will still be forwarded, as will
- Kerberos v5 tickets, but the forwarded Kerberos v5 tickets cannot
- be forwarded to another host.
- --help, -h
- Print a summary of options and exit.
- --login=username, -l username
- Set the username on the remote system to username.
- This is the user to log in as as well as user to which to forward
- tickets. If this option is not given, the default will be the
- username on the local host. This option will often be necessary
- if the local username differs from the Kerberos principal name,
- since kftgt and rlogin differ on the default otherwise.
- --telnet, -T
- Use telnet rather than rlogin. Using this option has
- the same effect as invoking klogin as ktelnet.
- --verbose, -V
- Print out each command and the arguments used before
- it's executed.
- --version, -v
- Print the version number of klogin and exit.
- -x Don't use encryption. Use of this option is not rec
- ommended, as anything sent through the resulting connection can
- be read by a potential attacker.
- --xauth, -A
- Try to forward the .Xauthority file to the remote
- host. This is done using rcp and the .Xauthority file on the re
- mote system will be overwritten, not merged. Note that if the
- remote system uses AFS as its file system, your dotfiles must be
- set up so that rcp to that system after a ticket has been for
- warded will acquire a token and be able to write to your home di
- rectory.
- In addition, klogin tries to recognize rlogin and telnet
- options and pass them along to rlogin or telnet as appropriate.
CAVEATS
- See kftgt(1) for some additional details about Kerberos v4
- ticket forwarding and some of the peculiarities thereof.
AUTHORS
- klogin was originally written by Roland Schemers
- <schemers@stanford.edu> and updated and maintained by Larry
- Schwimmer <opusl@stanford.edu>. It was rewritten completely by
- Russ Allbery <rra@stanford.edu>.
- Questions and bug reports may be sent to Russ Allbery
- <rra@stanford.edu>, but please be aware that we only support
- Stanford affiliates and may not be able to help with problems at
- other sites.
LICENSE
- Copyright 1994, 1996, 1997, 1999, 2001, 2002, 2003, 2005
- Board of Trustees, Leland Stanford Jr. University
- All rights reserved.
- Export of this software from the United States of America
- may require a specific license from the United States Government.
- It is the responsibility of any person or organization contem
- plating export to obtain such a license before exporting.
- WITHIN THAT CONSTRAINT, permission to use, copy, modify,
- and distribute this software and its documentation for any pur
- pose and without fee is hereby granted, provided that the above
- copyright notice appear in all copies and that both that copy
- right notice and this permission notice appear in supporting doc
- umentation, and that the name of Stanford University not be used
- in advertising or publicity pertaining to distribution of the
- software without specific, written prior permission. Stanford
- University makes no representations about the suitability of this
- software for any purpose. It is provided "as is" without express
- or implied warranty.
- THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS
- OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PUR
- POSE.
SEE ALSO
- kftgt(1), rlogin(1), telnet(1)
- 2.18 2006-10-06