IBM's emergency patch for the rlogin <host> -l -f... password check disable problem is available as: ftp://software.watson.ibm.com/pub/rlogin/rlogin.tar.Z Note that this hole is supposedly present in many bsd-ish systems. My HP/UX (9.0) and SunOs (4.1.{2|3} & 5.3) systems are OK, but my hp-bsd systems appear to allow a -f. Your mileage may vary. Here's the first part of IBM's readme: > APAR IX44254 -- rlogin security hole > > This document describes how to apply the emergency patch for APAR > IX44254. This emergency patch is not the permanent solution to this > problem, it merely provides a means to restore rlogin functionality > in a more secure manner. > > ... Richard