Improving the Security of the ``r'' Commands




 

As mentioned in section 10.2.1, the rlogin and rsh commands query for a password if either the user or the client system is not trusted by the server to which the rlogin or rsh is addressed. Under these circumstances, the rlogin and rsh commands send the password in plain text across the network in a single packet. Consequently, the password is exposed to anyone who intercepts that packet. If a server is not going to make use of the trusted user and trusted host capability of the ``r'' commands, it is prudent to disable the rlogind and rshd server programs. In the absence of trusted users and hosts, a server could support the same functionality as rlogin and rsh with telnet.
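One way to carry out the disabling step on a system where inetd starts the ``r'' daemons, added here as an example and not part of the original document. It assumes the conventional inetd.conf service names login (rlogind) and shell (rshd); the sample file, the function names and the #disabled# marker are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd-style configuration for the rlogind and rshd
# entries and produce a copy with them commented out.
# Assumption: the daemons are launched by inetd under the conventional
# service names "login" (rlogind) and "shell" (rshd).

# list_r_services FILE
# Print the service name of every active (uncommented) login/shell entry.
list_r_services() {
    awk '$1 == "login" || $1 == "shell" { print $1 }' "$1"
}

# disable_r_services FILE
# Write FILE to stdout with the login/shell entries commented out.
# Every other line, including existing comments, is passed through unchanged.
disable_r_services() {
    awk '$1 == "login" || $1 == "shell" { print "#disabled# " $0; next }
         { print }' "$1"
}

# make_sample FILE
# Write a constructed sample configuration (not taken from a real host).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
shell   stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
login   stream  tcp  nowait  root  /usr/sbin/in.rlogind  in.rlogind
#exec   stream  tcp  nowait  root  /usr/sbin/in.rexecd   in.rexecd
EOF
}

# Demonstration on the constructed sample; no system file is touched.
sample="${TMPDIR:-/tmp}/inetd.conf.sample.$$"
make_sample "$sample"
echo "Active r-command services:"
list_r_services "$sample"
echo "Proposed configuration:"
disable_r_services "$sample"
rm -f "$sample"
```

After the edited file is installed, inetd has to re-read its configuration (conventionally on SIGHUP) before the change takes effect.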





John Barkley
Fri Oct 7 16:17:21 EDT 1994