


   SPX Version 2.2                                                  flogin(1)



   Name
     flogin - remote login with SPX authentication

   Syntax
     flogin _r_h_o_s_t [-ec] [-8] [-l username] [-ND]

   Description
     The _f_l_o_g_i_n command connects your terminal on the current local host sys-
     tem, to the remote host system, _r_h_o_s_t. The remote username is the same
     as your local username, unless specified with the -l option.

     The optional argument -8 allows an eight-bit input data path at all
     times.  Otherwise, parity bits are stripped except when the remote
     site's stop and start characters are other than <CTRL/S> and <CTRL/Q>.
     A different escape character may be specified by the -e option.  There
     is no space separating this option flag and the argument character.

     Each account has a file ._s_p_h_i_n_x that contains a list of X.500 global
     principals who are allowed access to the account.  To avoid security
     problems, the ._s_p_h_i_n_x file must be owned by either the remote user or
     root and it shouldn't be a symbolic link.  In addition, the file must
     not be world-writable.

     Note that the following ACL entries are equivalent for a user principal
     in the default domain "/C=US/O=Digital/OU=LKG".

          "/C=US/O=Digital/OU=LKG/OU=Users/CN=John Smith"

          "OU=Users/CN=John Smith"

     However, it is recommended that fully qualified principal names be
     placed in ACLs to avoid ambiguity.  Also, if a principal name contains a
     'space' character, the name must be double-quoted.

     If the _f_l_o_g_i_n application is built with the SPX_CHALLENGE variable
     defined, then _f_l_o_g_i_n can be used to securely gain access to the
     privileged "root" account on a remote host.  Potential users who would
     like privileged access must have their X.500 name in the ACL entry file
     /._s_p_h_i_n_x and they need to supply their own password to prove that they
     are an interactive user.  Note that the password is not sent in any form
     over the wire.

     The _f_l_o_g_i_n command always performs mutual authentication.  Delegation is
     the default for non-privileged accounts, however this feature can be
     turned off.

   Options

     -N                  Doesn't delegate your credentials to the remote pro-
                         cess (default for privileged accounts)

     -D                  Delegates your credentials to the remote process
                         (default for non-privileged accounts)


   Digital Equipment Corporation                                            1






   flogin(1)                                                  SPX Version 2.2


     -l _u_s_e_r_n_a_m_e         Logs you in as the specified user, not as your
                         current account name.

     -8                  Allows an 8-bit input data path at all times.

     -e_c                 Uses the specified character as the _f_l_o_g_i_n escape
                         character.  If not specified, uses a tilde (~).

     -L                  Runs session in litout mode.

   Files
     /etc/cdc.conf /tmp/claimant__n_a_m_e ~/.sphinx

   See Also

     spx(1), spxdestroy(1), spxlist(1), spxinit(1), fcp(1), fsh(1)








































   2                                            Digital Equipment Corporation


99