The '.rhosts' configuration file is placed in the user's home directory
to allow remote logins from other machines without going through the normal
process of telnetting into the machine. Place the domains and the
corresponding users of those domains in the '.rhosts' file.
#.rhosts
bama.ua.edu bullwinkle
koala.scott.net rocky
With this file in place, if bullwinkle at bama.ua.edu wants to log into this
account, all he has to do is type:
[bama.ua.edu]% rlogin -l bullwinkle shell.isp.com
[or]
[koala.scott.net]% rsh -l rocky shell.isp.com "cat information.txt" > information.txt
Bullwinkle will not have to even type a password because this file gives him
access. Note the -l switch: it is used when the usernames across
domains are different. If you have the same username on both machines, the
-l switch is not necessary.
You must make the '.rhosts' file rw- for the owner (you) and --- for all
others. This is done with 'chmod 600'. If you do not do this, you will be
prompted for a password to finalize the service request and be allowed to
login.
There exists another option you can add to the '.rhosts' file to allow anyone
from anywhere to log in to the account. The syntax is "+ +", or:
#.rhosts
+ +
This, however, is not a very good idea because anyone can log into the
account. Having access to an account is where hackers often begin
to find system vulnerabilities to gain superuser access.
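An added example, not part of the original text: a small Python audit that
checks a '.rhosts' file for the two problems described above, permissions
looser than 600 and '+' wildcard entries. It also flags a lone '+' in either
field, which goes beyond the "+ +" case in the text; the function names and the
sample file contents are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample: the page's two entries plus the "+ +" wildcard line.
SAMPLE = "#.rhosts\nbama.ua.edu bullwinkle\nkoala.scott.net rocky\n+ +\n"

def parse_rhosts(text):
    """Yield (lineno, host, user) per entry; user is None when omitted."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and '#' lines, as in the page's sample
            continue
        fields = line.split()
        yield lineno, fields[0], fields[1] if len(fields) > 1 else None

def audit_rhosts(path):
    """Return a list of findings for one .rhosts file (empty list = clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        findings.append(f"mode {mode:04o}: group/other bits set, expected 0600")
    with open(path) as fh:
        for lineno, host, user in parse_rhosts(fh.read()):
            if host == "+" and user == "+":
                findings.append(f"line {lineno}: '+ +' trusts any user from any host")
            elif host == "+":
                who = user or "the same-named user"
                findings.append(f"line {lineno}: '+' host trusts {who} from any host")
            elif user == "+":
                findings.append(f"line {lineno}: '+' user trusts every user on {host}")
    return findings

def demo(mode=0o644, text=SAMPLE):
    """Write a constructed .rhosts into a temp dir with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, ".rhosts")
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
        return audit_rhosts(path)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```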
To use these features, the system administrator must allow 'r' (remote)
connections to their machine. On Linux systems, these services are set up
in the '/etc/inetd.conf' file. 'r' connections include 'rsh' and 'rlogin',
which stand for 'r'(remote)'sh'(shell) and 'r'(remote)'login'.
The 'rsh' and 'rlogin' commands use IP address authentication. Address
authentication is a security loophole due to what is known as IP spoofing.
While IP spoofing cannot be performed by the average user, the '.rhosts' file
using the IP authentication process may be a bad idea for extremely
sensitive machines. I would recommend using the 'ssh' (secure shell)
authentication process for a sensitive network.