[unix-history] / usr / src / foreign / src / rlogind / rlogind.8

.\" Copyright (c) 1983, 1989 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms are permitted provided
.\" that: (1) source distributions retain this entire copyright notice and
.\" comment, and (2) distributions including binaries display the following
.\" acknowledgement:  ``This product includes software developed by the
.\" University of California, Berkeley and its contributors'' in the
.\" documentation or other materials provided with the distribution and in
.\" all advertising materials mentioning features or use of this software.
.\" Neither the name of the University nor the names of its contributors may
.\" be used to endorse or promote products derived from this software without
.\" specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.\"	@(#)rlogind.8	6.11 (Berkeley) 6/24/90
.\"
.TH RLOGIND 8 "June 24, 1990"
.UC 5
.SH NAME
rlogind \- remote login server
.SH SYNOPSIS
.B rlogind
[
.B \-aln
]
.SH DESCRIPTION
.I Rlogind
is the server for the 
.IR rlogin (1)
program.  The server provides a remote login facility
with authentication based on privileged port numbers from trusted hosts.
.PP
.I Rlogind
listens for service requests at the port indicated in
the ``login'' service specification; see
.IR services (5).
When a service request is received the following protocol
is initiated:
.IP 1)
The server checks the client's source port.
If the port is not in the range 512-1023, the server
aborts the connection.
.IP 2)
The server checks the client's source address
and requests the corresponding host name (see
IR gethostbyaddr (3),
.IR hosts (5)
and
.IR named (8)).
If the hostname cannot be determined,
the dot-notation representation of the host address is used.
If the hostname is in the same domain as the server (according to
the last two components of the domain name),
or if the
.B \-a
option is given,
the addresses for the hostname are requested,
verifying that the name and address correspond.
Normal authentication is bypassed if the address verification fails.
.PP
Once the source port and address have been checked, 
.I rlogind
proceeds with the authentication process described in
.IR rshd (8).
It then allocates a pseudo terminal (see 
.IR pty (4)),
and manipulates file descriptors so that the slave
half of the pseudo terminal becomes the 
.B stdin ,
.B stdout ,
and
.B stderr 
for a login process.
The login process is an instance of the
.IR login (1)
program, invoked with the
.B \-f
option if authentication has succeeded.
If automatic authentication fails, the user is
prompted to log in as if on a standard terminal line.  The
.B \-l
option prevents any authentication based on the user's
``.rhosts'' file, unless the user is logging in as the superuser.
.PP
The parent of the login process manipulates the master side of
the pseudo terminal, operating as an intermediary
between the login process and the client instance of the
.I rlogin
program.  In normal operation, the packet protocol described
in
.IR pty (4)
is invoked to provide ^S/^Q type facilities and propagate
interrupt signals to the remote programs.  The login process
propagates the client terminal's baud rate and terminal type,
as found in the environment variable, ``TERM''; see
.IR environ (7).
The screen or window size of the terminal is requested from the client,
and window size changes from the client are propagated to the pseudo terminal.
.PP
Transport-level keepalive messages are enabled unless the
.B \-n
option is present.
The use of keepalive messages allows sessions to be timed out
if the client crashes or becomes unreachable.
.SH DIAGNOSTICS
All initial diagnostic messages are indicated
by a leading byte with a value of 1,
after which any network connections are closed.
If there are no errors before
.I login
is invoked, a null byte is returned as in indication of success.
.PP
.B ``Try again.''
.br
A
.I fork
by the server failed.
.SH "SEE ALSO"
login(1), ruserok(3), rshd(8)
.SH BUGS
The authentication procedure used here assumes the integrity
of each client machine and the connecting medium.  This is
insecure, but is useful in an ``open'' environment.
.PP
A facility to allow all data exchanges to be encrypted should be
present.
.PP
A more extensible protocol should be used.
Commit	Line	Data
800d0819	1	.\" Copyright (c) 1983, 1989 The Regents of the University of California.
eb97b157	2	.\" All rights reserved.
9ada66f8	3	.\"
1c15e888 C	4	.\" Redistribution and use in source and binary forms are permitted provided
	5	.\" that: (1) source distributions retain this entire copyright notice and
	6	.\" comment, and (2) distributions including binaries display the following
	7	.\" acknowledgement: ``This product includes software developed by the
	8	.\" University of California, Berkeley and its contributors'' in the
	9	.\" documentation or other materials provided with the distribution and in
	10	.\" all advertising materials mentioning features or use of this software.
	11	.\" Neither the name of the University nor the names of its contributors may
	12	.\" be used to endorse or promote products derived from this software without
	13	.\" specific prior written permission.
	14	.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
	15	.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
	16	.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
9ada66f8	17	.\"
1c15e888	18	.\" @(#)rlogind.8 6.11 (Berkeley) 6/24/90
eb97b157	19	.\"
1c15e888	20	.TH RLOGIND 8 "June 24, 1990"
9ada66f8 KM	21	.UC 5
	22	.SH NAME
	23	rlogind \- remote login server
	24	.SH SYNOPSIS
800d0819	25	.B rlogind
9ada66f8	26	[
800d0819	27	.B \-aln
9ada66f8 KM	28	]
	29	.SH DESCRIPTION
	30	.I Rlogind
	31	is the server for the
2fea3940	32	.IR rlogin (1)
9ada66f8	33	program. The server provides a remote login facility
be1d37d3	34	with authentication based on privileged port numbers from trusted hosts.
9ada66f8 KM	35	.PP
	36	.I Rlogind
	37	listens for service requests at the port indicated in
	38	the ``login'' service specification; see
	39	.IR services (5).
	40	When a service request is received the following protocol
	41	is initiated:
	42	.IP 1)
	43	The server checks the client's source port.
35c2b9ad	44	If the port is not in the range 512-1023, the server
9ada66f8 KM	45	aborts the connection.
9ada66f8 KM	46	.IP 2)
14dbbfdc MK	47	The server checks the client's source address
14dbbfdc MK	48	and requests the corresponding host name (see
800d0819	49	IR gethostbyaddr (3),
be1d37d3 MK	50	.IR hosts (5)
be1d37d3 MK	51	and
14dbbfdc MK	52	.IR named (8)).
14dbbfdc MK	53	If the hostname cannot be determined,
be1d37d3	54	the dot-notation representation of the host address is used.
800d0819 MK	55	If the hostname is in the same domain as the server (according to
	56	the last two components of the domain name),
	57	or if the
	58	.B \-a
	59	option is given,
	60	the addresses for the hostname are requested,
	61	verifying that the name and address correspond.
	62	Normal authentication is bypassed if the address verification fails.
9ada66f8 KM	63	.PP
	64	Once the source port and address have been checked,
	65	.I rlogind
bdde3a80	66	proceeds with the authentication process described in
7aa778ca	67	.IR rshd (8).
bdde3a80	68	It then allocates a pseudo terminal (see
9ada66f8 KM	69	.IR pty (4)),
	70	and manipulates file descriptors so that the slave
	71	half of the pseudo terminal becomes the
	72	.B stdin ,
	73	.B stdout ,
	74	and
	75	.B stderr
	76	for a login process.
	77	The login process is an instance of the
	78	.IR login (1)
	79	program, invoked with the
bdde3a80 KF	80	.B \-f
	81	option if authentication has succeeded.
	82	If automatic authentication fails, the user is
	83	prompted to log in as if on a standard terminal line. The
800d0819	84	.B \-l
2fea3940	85	option prevents any authentication based on the user's
35c2b9ad	86	``.rhosts'' file, unless the user is logging in as the superuser.
9ada66f8 KM	87	.PP
9ada66f8 KM	88	The parent of the login process manipulates the master side of
bdde3a80	89	the pseudo terminal, operating as an intermediary
9ada66f8 KM	90	between the login process and the client instance of the
	91	.I rlogin
	92	program. In normal operation, the packet protocol described
	93	in
	94	.IR pty (4)
	95	is invoked to provide ^S/^Q type facilities and propagate
	96	interrupt signals to the remote programs. The login process
	97	propagates the client terminal's baud rate and terminal type,
	98	as found in the environment variable, ``TERM''; see
	99	.IR environ (7).
be1d37d3 MK	100	The screen or window size of the terminal is requested from the client,
be1d37d3 MK	101	and window size changes from the client are propagated to the pseudo terminal.
35c2b9ad MK	102	.PP
	103	Transport-level keepalive messages are enabled unless the
	104	.B \-n
	105	option is present.
	106	The use of keepalive messages allows sessions to be timed out
	107	if the client crashes or becomes unreachable.
9ada66f8	108	.SH DIAGNOSTICS
800d0819 MK	109	All initial diagnostic messages are indicated
800d0819 MK	110	by a leading byte with a value of 1,
9ada66f8	111	after which any network connections are closed.
800d0819 MK	112	If there are no errors before
	113	.I login
	114	is invoked, a null byte is returned as in indication of success.
9ada66f8	115	.PP
9ada66f8 KM	116	.B ``Try again.''
	117	.br
	118	A
	119	.I fork
	120	by the server failed.
2fea3940	121	.SH "SEE ALSO"
800d0819	122	login(1), ruserok(3), rshd(8)
9ada66f8 KM	123	.SH BUGS
	124	The authentication procedure used here assumes the integrity
	125	of each client machine and the connecting medium. This is
	126	insecure, but is useful in an ``open'' environment.
	127	.PP
	128	A facility to allow all data exchanges to be encrypted should be
	129	present.
14dbbfdc MK	130	.PP
14dbbfdc MK	131	A more extensible protocol should be used.