The telnet command cannot be used for remote role assumption because this command cannot pass the primary and role identities to the pam_roles module.
The user and the role must be identically defined on the local and the remote system.
The role must have the Remote Login authorization. By default, this authorization is in the Remote Administration, and the Maintenance and Repair rights profiles.
The security administrator has completed the procedure Enable Remote Login by a Role in Trusted Extensions in Oracle Solaris Trusted Extensions Configuration Guide on every system that can be remotely administered. If the system can be administered from an unlabeled system, the procedure Enable Remote Login From an Unlabeled System in Oracle Solaris Trusted Extensions Configuration Guide has also been completed.
From the workspace of a user who can assume a role, log in to the remote host.
Use the rlogin command, the ssh command, or the ftp command.
If the rlogin -l or ssh command is used to log in, all commands that are in the role's rights profiles are available.
If the ftp command is used, see the ftp(1) man page for the commands that are available.