[buug] rlogin

[Rick Moen]

Quoting John Landahl (john at landahl.org):

> It's not that it's not recommended, it's more that it SHOULD SIMPLY NEVER BE 
> USED.  In previous sysadmin jobs we used to seek and destroy .rlogin and 
> hosts.equiv files as a matter of policy.

Isn't it simpler just to make sure rshd and rlogind are disabled?  

> With the existence of OpenSSH there's just no reason for these commands to 
> exist anymore.  Aaron mentioned ssh-agent: this standard SSH command makes 
> ssh as easy to use as rlogin, but far *far* more secure.
> 
> Remember, not only is rlogin insecure for authentication purposes....

Oddly, enough, most implementations have a Kerberos option.  Not that
that is sufficient, but I thought I'd just mention it.

-- 
Cheers,                              "Azathoth need not be present to win."
Rick Moen                                       -- Charles O. Baucum, Jr.
rick at linuxmafia.com