Commit | Line | Data |
---|---|---|
800d0819 | 1 | .\" Copyright (c) 1983, 1989 The Regents of the University of California. |
eb97b157 | 2 | .\" All rights reserved. |
9ada66f8 | 3 | .\" |
1c15e888 C | 4 | .\" Redistribution and use in source and binary forms are permitted provided |
5 | .\" that: (1) source distributions retain this entire copyright notice and | |
6 | .\" comment, and (2) distributions including binaries display the following | |
7 | .\" acknowledgement: ``This product includes software developed by the | |
8 | .\" University of California, Berkeley and its contributors'' in the | |
9 | .\" documentation or other materials provided with the distribution and in | |
10 | .\" all advertising materials mentioning features or use of this software. | |
11 | .\" Neither the name of the University nor the names of its contributors may | |
12 | .\" be used to endorse or promote products derived from this software without | |
13 | .\" specific prior written permission. | |
14 | .\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED | |
15 | .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF | |
16 | .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. | |
9ada66f8 | 17 | .\" |
1c15e888 | 18 | .\" @(#)rlogind.8 6.11 (Berkeley) 6/24/90 |
eb97b157 | 19 | .\" |
1c15e888 | 20 | .TH RLOGIND 8 "June 24, 1990" |
9ada66f8 KM | 21 | .UC 5 |
22 | .SH NAME | |
23 | rlogind \- remote login server | |
24 | .SH SYNOPSIS | |
800d0819 | 25 | .B rlogind |
9ada66f8 | 26 | [ |
800d0819 | 27 | .B \-aln |
9ada66f8 KM | 28 | ] |
29 | .SH DESCRIPTION | |
30 | .I Rlogind | |
31 | is the server for the | |
2fea3940 | 32 | .IR rlogin (1) |
9ada66f8 | 33 | program. The server provides a remote login facility |
be1d37d3 | 34 | with authentication based on privileged port numbers from trusted hosts. |
9ada66f8 KM | 35 | .PP |
36 | .I Rlogind | |
37 | listens for service requests at the port indicated in | |
38 | the ``login'' service specification; see | |
39 | .IR services (5). | |
40 | When a service request is received the following protocol | |
41 | is initiated: | |
42 | .IP 1) | |
43 | The server checks the client's source port. | |
35c2b9ad | 44 | If the port is not in the range 512-1023, the server |
9ada66f8 KM | 45 | aborts the connection. |
46 | .IP 2) | |
14dbbfdc MK | 47 | The server checks the client's source address |
48 | and requests the corresponding host name (see | |
800d0819 | 49 | .IR gethostbyaddr (3),
be1d37d3 MK | 50 | .IR hosts (5) |
51 | and | |
14dbbfdc MK | 52 | .IR named (8)). |
53 | If the hostname cannot be determined, | |
be1d37d3 | 54 | the dot-notation representation of the host address is used. |
800d0819 MK | 55 | If the hostname is in the same domain as the server (according to |
56 | the last two components of the domain name), | |
57 | or if the | |
58 | .B \-a | |
59 | option is given, | |
60 | the addresses for the hostname are requested, | |
61 | verifying that the name and address correspond. | |
62 | Normal authentication is bypassed if the address verification fails. | |
9ada66f8 KM | 63 | .PP |
64 | Once the source port and address have been checked, | |
65 | .I rlogind | |
bdde3a80 | 66 | proceeds with the authentication process described in |
7aa778ca | 67 | .IR rshd (8). |
bdde3a80 | 68 | It then allocates a pseudo terminal (see |
9ada66f8 KM | 69 | .IR pty (4)), |
70 | and manipulates file descriptors so that the slave | |
71 | half of the pseudo terminal becomes the | |
72 | .B stdin , | |
73 | .B stdout , | |
74 | and | |
75 | .B stderr | |
76 | for a login process. | |
77 | The login process is an instance of the | |
78 | .IR login (1) | |
79 | program, invoked with the | |
bdde3a80 KF | 80 | .B \-f |
81 | option if authentication has succeeded. | |
82 | If automatic authentication fails, the user is | |
83 | prompted to log in as if on a standard terminal line. The | |
800d0819 | 84 | .B \-l |
2fea3940 | 85 | option prevents any authentication based on the user's |
35c2b9ad | 86 | ``.rhosts'' file, unless the user is logging in as the superuser. |
9ada66f8 KM | 87 | .PP |
88 | The parent of the login process manipulates the master side of | |
bdde3a80 | 89 | the pseudo terminal, operating as an intermediary |
9ada66f8 KM | 90 | between the login process and the client instance of the |
91 | .I rlogin | |
92 | program. In normal operation, the packet protocol described | |
93 | in | |
94 | .IR pty (4) | |
95 | is invoked to provide ^S/^Q type facilities and propagate | |
96 | interrupt signals to the remote programs. The login process | |
97 | propagates the client terminal's baud rate and terminal type, | |
98 | as found in the environment variable, ``TERM''; see | |
99 | .IR environ (7). | |
be1d37d3 MK | 100 | The screen or window size of the terminal is requested from the client, |
101 | and window size changes from the client are propagated to the pseudo terminal. | |
35c2b9ad MK | 102 | .PP |
103 | Transport-level keepalive messages are enabled unless the | |
104 | .B \-n | |
105 | option is present. | |
106 | The use of keepalive messages allows sessions to be timed out | |
107 | if the client crashes or becomes unreachable. | |
9ada66f8 | 108 | .SH DIAGNOSTICS |
800d0819 MK | 109 | All initial diagnostic messages are indicated |
110 | by a leading byte with a value of 1, | |
9ada66f8 | 111 | after which any network connections are closed. |
800d0819 MK | 112 | If there are no errors before |
113 | .I login | |
114 | is invoked, a null byte is returned as an indication of success. | |
9ada66f8 | 115 | .PP |
9ada66f8 KM | 116 | .B ``Try again.'' |
117 | .br | |
118 | A | |
119 | .I fork | |
120 | by the server failed. | |
2fea3940 | 121 | .SH "SEE ALSO" |
800d0819 | 122 | login(1), ruserok(3), rshd(8) |
9ada66f8 KM | 123 | .SH BUGS |
124 | The authentication procedure used here assumes the integrity | |
125 | of each client machine and the connecting medium. This is | |
126 | insecure, but is useful in an ``open'' environment. | |
127 | .PP | |
128 | A facility to allow all data exchanges to be encrypted should be | |
129 | present. | |
14dbbfdc MK | 130 | .PP |
131 | A more extensible protocol should be used. |
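
The two checks in the DESCRIPTION above (source port range, then name/address correspondence), written as a decision function in C. This is an added example, not the rlogind source: `check_client`, the `verdict` values and the sample addresses are hypothetical, lookup results are passed in as arguments instead of being resolved, and treating a failed verification as "prompt for login" is an assumption drawn from the text.

```c
/* Added example, not the rlogind source: decision logic only. Lookup
 * results are passed in, so it runs offline. Names carry no trailing dot. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum verdict { ABORT, PROMPT_LOGIN, TRY_RHOSTS };

/* Constructed sample data (documentation address ranges). */
const char *fwd_match[] = { "192.0.2.7", "192.0.2.10" };
const char *fwd_other[] = { "198.51.100.1" };

/* Last two dot-separated components of a host name. */
static const char *last_two(const char *name)
{
    const char *p = name + strlen(name);
    int dots = 0;
    while (p > name && !(p[-1] == '.' && ++dots == 2))
        p--;
    return p;
}

/* rev_name: reverse-lookup result, NULL if none; fwd: forward-lookup result. */
enum verdict check_client(unsigned port, const char *peer_ip,
                          const char *rev_name, const char *server_name,
                          int opt_a, const char **fwd, int nfwd)
{
    struct in_addr peer, a;
    int i;
    if (port < 512 || port > 1023)
        return ABORT;                 /* step 1: source port range */
    if (rev_name == NULL)
        return TRY_RHOSTS;            /* dot-notation address used as name */
    if (!opt_a && strcasecmp(last_two(rev_name), last_two(server_name)) != 0)
        return TRY_RHOSTS;            /* no forward check for this name */
    if (inet_pton(AF_INET, peer_ip, &peer) != 1)
        return PROMPT_LOGIN;          /* unparsable peer address */
    for (i = 0; i < nfwd; i++)
        if (inet_pton(AF_INET, fwd[i], &a) == 1 && a.s_addr == peer.s_addr)
            return TRY_RHOSTS;        /* name and address correspond */
    return PROMPT_LOGIN;              /* step 2 failed (assumed: no .rhosts) */
}

int main(void)
{
    printf("%d\n", check_client(1022, "192.0.2.10", "a.cs.example.edu",
                                "srv.example.edu", 0, fwd_match, 2));
    return 0;
}
```

Without `-a`, a reverse name outside the server's domain skips the forward check entirely, which is the case the fifth test input exercises.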