| Commit | Line | Data |
|---|---|---|
| a9834437 KB | 1 | .\" Copyright (c) 1983, 1989, 1991, 1993 |
| | 2 | .\" The Regents of the University of California. All rights reserved. |
| 9ada66f8 | 3 | .\" |
| d060d694 | 4 | .\" %sccs.include.redist.man% |
| 9ada66f8 | 5 | .\" |
| a9834437 | 6 | .\" @(#)rlogind.8 8.1 (Berkeley) %G% |
| eb97b157 | 7 | .\" |
| 0fccfdb8 CL | 8 | .Dd |
| | 9 | .Dt RLOGIND 8 |
| | 10 | .Os BSD 4.2 |
| | 11 | .Sh NAME |
| | 12 | .Nm rlogind |
| | 13 | .Nd remote login server |
| | 14 | .Sh SYNOPSIS |
| | 15 | .Nm rlogind |
| | 16 | .Op Fl aln |
| | 17 | .Sh DESCRIPTION |
| | 18 | .Nm Rlogind |
| 9ada66f8 | 19 | is the server for the |
| 0fccfdb8 | 20 | .Xr rlogin 1 |
| 9ada66f8 | 21 | program. The server provides a remote login facility |
| be1d37d3 | 22 | with authentication based on privileged port numbers from trusted hosts. |
| 0fccfdb8 CL | 23 | .Pp |
| | 24 | Options supported by |
| | 25 | .Nm rlogind : |
| | 26 | .Bl -tag -width Ds |
| | 27 | .It Fl a |
| | 28 | Ask hostname for verification. |
| | 29 | .It Fl l |
| | 30 | Prevent any authentication based on the user's |
| | 31 | .Dq Pa .rhosts |
| | 32 | file, unless the user is logging in as the superuser. |
| | 33 | .It Fl n |
| | 34 | Disable keep-alive messages. |
| | 35 | .El |
| | 36 | .Pp |
| | 37 | .Nm Rlogind |
| 9ada66f8 KM | 38 | listens for service requests at the port indicated in |
| | 39 | the ``login'' service specification; see |
| 0fccfdb8 | 40 | .Xr services 5 . |
| 9ada66f8 KM | 41 | When a service request is received the following protocol |
| | 42 | is initiated: |
| 0fccfdb8 CL | 43 | .Bl -enum |
| | 44 | .It |
| 9ada66f8 | 45 | The server checks the client's source port. |
| 35c2b9ad | 46 | If the port is not in the range 512-1023, the server |
| 9ada66f8 | 47 | aborts the connection. |
| 0fccfdb8 | 48 | .It |
| 14dbbfdc MK | 49 | The server checks the client's source address |
| | 50 | and requests the corresponding host name (see |
| 0fccfdb8 CL | 51 | .Xr gethostbyaddr 3 , |
| | 52 | .Xr hosts 5 |
| be1d37d3 | 53 | and |
| 0fccfdb8 | 54 | .Xr named 8 ) . |
| 14dbbfdc | 55 | If the hostname cannot be determined, |
| be1d37d3 | 56 | the dot-notation representation of the host address is used. |
| 800d0819 MK | 57 | If the hostname is in the same domain as the server (according to |
| | 58 | the last two components of the domain name), |
| | 59 | or if the |
| 0fccfdb8 | 60 | .Fl a |
| 800d0819 MK | 61 | option is given, |
| | 62 | the addresses for the hostname are requested, |
| | 63 | verifying that the name and address correspond. |
| | 64 | Normal authentication is bypassed if the address verification fails. |
| 0fccfdb8 CL | 65 | .El |
| | 66 | .Pp |
| 9ada66f8 | 67 | Once the source port and address have been checked, |
| 0fccfdb8 | 68 | .Nm rlogind |
| bdde3a80 | 69 | proceeds with the authentication process described in |
| 0fccfdb8 | 70 | .Xr rshd 8 . |
| bdde3a80 | 71 | It then allocates a pseudo terminal (see |
| 0fccfdb8 | 72 | .Xr pty 4 ) , |
| 9ada66f8 KM | 73 | and manipulates file descriptors so that the slave |
| | 74 | half of the pseudo terminal becomes the |
| 0fccfdb8 CL | 75 | .Em stdin , |
| | 76 | .Em stdout , |
| 9ada66f8 | 77 | and |
| 0fccfdb8 | 78 | .Em stderr |
| 9ada66f8 KM | 79 | for a login process. |
| | 80 | The login process is an instance of the |
| 0fccfdb8 | 81 | .Xr login 1 |
| 9ada66f8 | 82 | program, invoked with the |
| 0fccfdb8 | 83 | .Fl f |
| bdde3a80 KF | 84 | option if authentication has succeeded. |
| | 85 | If automatic authentication fails, the user is |
| 0fccfdb8 CL | 86 | prompted to log in as if on a standard terminal line. |
| | 87 | .Pp |
| 9ada66f8 | 88 | The parent of the login process manipulates the master side of |
| bdde3a80 | 89 | the pseudo terminal, operating as an intermediary |
| 9ada66f8 | 90 | between the login process and the client instance of the |
| 0fccfdb8 | 91 | .Xr rlogin |
| 9ada66f8 KM | 92 | program. In normal operation, the packet protocol described |
| | 93 | in |
| 0fccfdb8 CL | 94 | .Xr pty 4 |
| | 95 | is invoked to provide |
| | 96 | .Ql ^S/^Q |
| | 97 | type facilities and propagate |
| 9ada66f8 KM | 98 | interrupt signals to the remote programs. The login process |
| | 99 | propagates the client terminal's baud rate and terminal type, |
| 0fccfdb8 CL | 100 | as found in the environment variable, |
| | 101 | .Ql Ev TERM ; |
| | 102 | see |
| | 103 | .Xr environ 7 . |
| be1d37d3 MK | 104 | The screen or window size of the terminal is requested from the client, |
| | 105 | and window size changes from the client are propagated to the pseudo terminal. |
| 0fccfdb8 | 106 | .Pp |
| 35c2b9ad | 107 | Transport-level keepalive messages are enabled unless the |
| 0fccfdb8 | 108 | .Fl n |
| 35c2b9ad MK | 109 | option is present. |
| | 110 | The use of keepalive messages allows sessions to be timed out |
| | 111 | if the client crashes or becomes unreachable. |
| 0fccfdb8 | 112 | .Sh DIAGNOSTICS |
| 800d0819 MK | 113 | All initial diagnostic messages are indicated |
| | 114 | by a leading byte with a value of 1, |
| 9ada66f8 | 115 | after which any network connections are closed. |
| 800d0819 | 116 | If there are no errors before |
| 0fccfdb8 | 117 | .Xr login |
| 800d0819 | 118 | is invoked, a null byte is returned as an indication of success. |
| 0fccfdb8 CL | 119 | .Bl -tag -width Ds |
| | 120 | .It Sy Try again. |
| 9ada66f8 | 121 | A |
| 0fccfdb8 | 122 | .Xr fork |
| 9ada66f8 | 123 | by the server failed. |
| 0fccfdb8 CL | 124 | .El |
| | 125 | .Sh SEE ALSO |
| | 126 | .Xr login 1 , |
| | 127 | .Xr ruserok 3 , |
| | 128 | .Xr rshd 8 |
| | 129 | .Sh BUGS |
| 9ada66f8 KM | 130 | The authentication procedure used here assumes the integrity |
| | 131 | of each client machine and the connecting medium. This is |
| | 132 | insecure, but is useful in an ``open'' environment. |
| 0fccfdb8 | 133 | .Pp |
| 9ada66f8 KM | 134 | A facility to allow all data exchanges to be encrypted should be |
| | 135 | present. |
| 0fccfdb8 | 136 | .Pp |
| 14dbbfdc | 137 | A more extensible protocol should be used. |
| 0fccfdb8 CL | 138 | .Sh HISTORY |
| | 139 | The |
| | 140 | .Nm |
| | 141 | command appeared in |
| | 142 | .Bx 4.2 . |
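
The two pre-authentication checks listed in the DESCRIPTION section, written out as an added C example (not code from rlogind or from this repository). The names `precheck`, `last_two`, `same_domain` and the `verdict` values are hypothetical, the forward-lookup result is passed in as a constructed list so the example runs offline, and treating a failed reverse lookup as "nothing to verify" is an assumption.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum verdict { ABORT_CONNECTION, PASSWORD_PROMPT, PROCEED_TO_AUTH };

/* Pointer to the last two dot-separated components of a host name. */
static const char *last_two(const char *name) {
    const char *p = name + strlen(name);
    int dots = 0;
    for (; p > name; p--)
        if (p[-1] == '.' && ++dots == 2) break;
    return p;
}

/* "Same domain" as the page defines it: the last two components match. */
static int same_domain(const char *a, const char *b) {
    a = last_two(a); b = last_two(b);
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == *b;
}

/* fwd[] holds the addresses a forward lookup of peer_name returned
 * (injected, constructed data). peer_name is NULL when the reverse lookup
 * failed and the dotted address stands in for the name (assumption: there
 * is then no name to verify). */
enum verdict precheck(unsigned port, const char *peer_addr, const char *peer_name,
                      const char *server_name, int flag_a,
                      const char *const *fwd, size_t nfwd) {
    if (port < 512 || port > 1023) return ABORT_CONNECTION;  /* step 1 */
    if (peer_name == NULL) return PROCEED_TO_AUTH;
    if (!flag_a && !same_domain(peer_name, server_name))
        return PROCEED_TO_AUTH;       /* foreign name: NOT verified without -a */
    for (size_t i = 0; i < nfwd; i++)
        if (strcmp(peer_addr, fwd[i]) == 0)
            return PROCEED_TO_AUTH;   /* name and address correspond */
    return PASSWORD_PROMPT;           /* mismatch: normal authentication bypassed */
}

/* Constructed sample data (RFC 5737 documentation address). */
static const char *const SAMPLE_FWD[] = { "192.0.2.10" };

int main(void) {
    printf("%d\n", precheck(1023, "192.0.2.10", "ws1.cs.example.edu", "srv.example.edu", 0, SAMPLE_FWD, 1));
    printf("%d\n", precheck(1023, "192.0.2.99", "ws1.example.org", "srv.example.edu", 0, SAMPLE_FWD, 1));
    return 0;
}
```

The second call shows why `-a` matters: a reverse-DNS name outside the server's own domain is accepted without forward confirmation unless that option is set.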