The discussion about rlogin insecurity was a surprise to me.
If my telnet and rlogin servers both allow password-less logins only
from trusted hosts, why should I allow telnet and disallow rlogin?
The interesting point that seemed to be raised was that if you allow
rlogin you may also be allowing access to arbitrary other ports. What
if I am already allowing such access and don't mind doing so?
There are two issues. First, rlogin uses a very weak form of authentication;
it's sometimes possible to spoof it. Second, the *source* port for rlogin
is a random ``privileged'' port, and you probably don't want to allow
unrestricted access in that range.