BSD 4_4_Lite1 release

[unix-history] / usr / src / libexec / telnetd / telnetd.8

diff --git a/usr/src/libexec/telnetd/telnetd.8 b/usr/src/libexec/telnetd/telnetd.8
index e0dc19b..fee5526 100644 (file)
--- a/usr/src/libexec/telnetd/telnetd.8
+++ b/usr/src/libexec/telnetd/telnetd.8
@@ -1,154 +1,605 @@
-.\" Copyright (c) 1983 The Regents of the University of California.
-.\" All rights reserved.
+.\" Copyright (c) 1983, 1993
+.\"    The Regents of the University of California.  All rights reserved.

 .\"
 .\"

-.\" %sccs.include.redist.man%
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"    This product includes software developed by the University of
+.\"    California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.

 .\"
 .\"

-.\"    @(#)telnetd.8   6.8 (Berkeley) %G%
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.

 .\"
 .\"

-.TH TELNETD 8 ""
-.UC 5
-.SH NAME
-telnetd \- DARPA TELNET protocol server
-.SH SYNOPSIS
-.B /etc/telnetd
-[\fB\-debug\fP [\fIport\fP]]
-[\fB\-l]
-[\fB\-D options\fP]
-[\fB\-D report\fP]
-[\fB\-D exercise\fP]
-[\fB\-D netdata\fP]
-[\fB\-D ptydata\fP]
-.SH DESCRIPTION
-.I Telnetd
-is a server which supports the DARPA standard
-.B TELNET
+.\"    @(#)telnetd.8   8.3 (Berkeley) 3/1/94
+.\"
+.Dd March 1, 1994
+.Dt TELNETD 8
+.Os BSD 4.2
+.Sh NAME
+.Nm telnetd
+.Nd DARPA
+.Tn TELNET
+protocol server
+.Sh SYNOPSIS
+.Nm /usr/libexec/telnetd
+.Op Fl BUhlkns
+.Op Fl D Ar debugmode
+.Op Fl I Ns Ar initid
+.Op Fl S Ar tos
+.Op Fl X Ar authtype
+.Op Fl a Ar authmode
+.Op Fl edebug
+.Op Fl r Ns Ar lowpty-highpty
+.Op Fl u Ar len
+.Op Fl debug Op Ar port
+.Sh DESCRIPTION
+The
+.Nm telnetd
+command is a server which supports the
+.Tn DARPA
+standard
+.Tn TELNET

 virtual terminal protocol.
 virtual terminal protocol.

-.I Telnetd
-is invoked by the internet server (see
-.IR inetd (8)),
-normally for requests to connect to the
-.B TELNET
+.Nm Telnetd
+is normally invoked by the internet server (see
+.Xr inetd 8 )
+for requests to connect to the
+.Tn TELNET

 port as indicated by the
 port as indicated by the

-.I /etc/services
+.Pa /etc/services

 file (see
 file (see

-.IR services (5)).
-If the \fB\-debug\fP may be used, to start up \fBtelnetd\fP
+.Xr services 5 ) .
+The
+.Fl debug
+option may be used to start up
+.Nm telnetd

 manually, instead of through
 manually, instead of through

-.IR inetd (8).
-If started up this way, \fIport\fP may be specified to
-run \fItelnetd\fP on an alternate TCP port number.
-.PP
-The \fB\-D\fP option may be used for debugging purposes.
-This allows \fItelnet\fR to print out debugging information
-to the connection, allowing the user to see what telnetd
+.Xr inetd 8 .
+If started up this way, 
+.Ar port
+may be specified to run
+.Nm telnetd
+on an alternate
+.Tn TCP
+port number.
+.Pp
+The
+.Nm telnetd
+command accepts the following options:
+.Bl -tag -width "-a authmode"
+.It Fl a Ar authmode
+This option may be used for specifying what mode should
+be used for authentication.
+Note that this option is only useful if
+.Nm telnetd
+has been compiled with support for the
+.Dv AUTHENTICATION
+option.
+There are several valid values for
+.Ar authmode:
+.Bl -tag -width debug
+.It debug
+Turns on authentication debugging code.
+.It user
+Only allow connections when the remote user
+can provide valid authentication information
+to identify the remote user,
+and is allowed access to the specified account
+without providing a password.
+.It valid
+Only allow connections when the remote user
+can provide valid authentication information
+to identify the remote user.
+The
+.Xr login 1
+command will provide any additional user verification
+needed if the remote user is not allowed automatic
+access to the specified account.
+.It other
+Only allow connections that supply some authentication information.
+This option is currently not supported
+by any of the existing authentication mechanisms,
+and is thus the same as specifying
+.Fl a
+.Cm valid .
+.It none
+This is the default state.
+Authentication information is not required.
+If no or insufficient authentication information
+is provided, then the
+.Xr login 1
+program will provide the necessary user
+verification.
+.It off
+This disables the authentication code.
+All user verification will happen through the
+.Xr login 1
+program.
+.El
+.It Fl B
+Specifies bftp server mode.  In this mode,
+.Nm telnetd
+causes login to start a
+.Xr bftp 1
+session rather than the user's
+normal shell.  In bftp daemon mode normal
+logins are not supported, and it must be used
+on a port other than the normal
+.Tn TELNET
+port.
+.It Fl D Ar debugmode
+This option may be used for debugging purposes.
+This allows
+.Nm telnetd
+to print out debugging information
+to the connection, allowing the user to see what
+.Nm telnetd

 is doing.
 is doing.

-There are several modifiers:
-\fBoptions\fR prints information about the negotiation
-of \fBTELNET\fR options,
-\fBreport\fR prints the \fBoptions\fR information, plus
-some additional information about what processing is going on,
-\fBnetdata\fP displays the data stream received by \fItelnetd\fP,
-\fBptydata\fP displays data written to the pty, and
-\fBexercise\fR has not been implemented yet.
-.PP
-.I Telnetd
+There are several possible values for 
+.Ar debugmode:
+.Bl -tag -width exercise
+.It Cm options
+Prints information about the negotiation of
+.Tn TELNET
+options.
+.It Cm report
+Prints the 
+.Cm options
+information, plus some additional information
+about what processing is going on.
+.It Cm netdata
+Displays the data stream received by
+.Nm telnetd.
+.It Cm ptydata
+Displays data written to the pty.
+.It Cm exercise
+Has not been implemented yet.
+.El
+.It Fl debug
+Enables debugging on each socket created by
+.Nm telnetd
+(see
+.Dv SO_DEBUG
+in
+.Xr socket 2 ) .
+.It Fl edebug
+If
+.Nm telnetd
+has been compiled with support for data encryption, then the
+.Fl edebug
+option may be used to enable encryption debugging code.
+.It Fl h
+Disables the printing of host-specific information before
+login has been completed.
+.It Fl I Ar initid
+This option is only applicable to
+.Tn UNICOS
+systems prior to 7.0.
+It specifies the
+.Dv ID
+from
+.Pa /etc/inittab
+to use when init starts login sessions.  The default
+.Dv ID
+is
+.Dv fe.
+.It Fl k
+This option is only useful if
+.Nm telnetd
+has been compiled with both linemode and kludge linemode
+support.  If the
+.Fl k
+option is specified, then if the remote client does not
+support the
+.Dv LINEMODE
+option, then
+.Nm telnetd
+will operate in character at a time mode.
+It will still support kludge linemode, but will only
+go into kludge linemode if the remote client requests
+it.
+(This is done by by the client sending
+.Dv DONT SUPPRESS-GO-AHEAD
+and
+.Dv DONT ECHO . )
+The
+.Fl k
+option is most useful when there are remote clients
+that do not support kludge linemode, but pass the heuristic
+(if they respond with
+.Dv WILL TIMING-MARK
+in response to a
+.Dv DO TIMING-MARK)
+for kludge linemode support.
+.It Fl l
+Specifies line mode.  Tries to force clients to use line-
+at-a-time mode.
+If the
+.Dv LINEMODE
+option is not supported, it will go
+into kludge linemode.
+.It Fl n
+Disable
+.Dv TCP
+keep-alives.  Normally
+.Nm telnetd
+enables the
+.Tn TCP
+keep-alive mechanism to probe connections that
+have been idle for some period of time to determine
+if the client is still there, so that idle connections
+from machines that have crashed or can no longer
+be reached may be cleaned up.
+.It Fl r Ar lowpty-highpty
+This option is only enabled when
+.Nm telnetd
+is compiled for
+.Dv UNICOS.
+It specifies an inclusive range of pseudo-terminal devices to
+use.  If the system has sysconf variable
+.Dv _SC_CRAY_NPTY
+configured, the default pty search range is 0 to
+.Dv _SC_CRAY_NPTY;
+otherwise, the default range is 0 to 128.  Either
+.Ar lowpty
+or
+.Ar highpty
+may be omitted to allow changing
+either end of the search range.  If
+.Ar lowpty
+is omitted, the - character is still required so that
+.Nm telnetd
+can differentiate
+.Ar highpty
+from
+.Ar lowpty .
+.It Fl s
+This option is only enabled if
+.Nm telnetd
+is compiled with support for
+.Tn SecurID
+cards.
+It causes the
+.Fl s
+option to be passed on to
+.Xr login 1 ,
+and thus is only useful if
+.Xr login 1
+supports the
+.Fl s
+flag to indicate that only
+.Tn SecurID
+validated logins are allowed, and is
+usually useful for controlling remote logins
+from outside of a firewall.
+.It Fl S Ar tos
+.It Fl u Ar len
+This option is used to specify the size of the field
+in the
+.Dv utmp
+structure that holds the remote host name.
+If the resolved host name is longer than
+.Ar len ,
+the dotted decimal value will be used instead.
+This allows hosts with very long host names that
+overflow this field to still be uniquely identified.
+Specifying
+.Fl u0
+indicates that only dotted decimal addresses
+should be put into the
+.Pa utmp
+file.
+.It Fl U
+This option causes
+.Nm telnetd
+to refuse connections from addresses that
+cannot be mapped back into a symbolic name
+via the
+.Xr gethostbyaddr 3
+routine.
+.It Fl X Ar authtype
+This option is only valid if
+.Nm telnetd
+has been built with support for the authentication option.
+It disables the use of
+.Ar authtype
+authentication, and
+can be used to temporarily disable
+a specific authentication type without having to recompile
+.Nm telnetd .
+.El
+.Pp
+.Nm Telnetd

 operates by allocating a pseudo-terminal device (see
 operates by allocating a pseudo-terminal device (see

-.IR pty (4))
+.Xr pty 4 )

 for a client, then creating a login process which has
 the slave side of the pseudo-terminal as 
 for a client, then creating a login process which has
 the slave side of the pseudo-terminal as 

-.BR stdin ,
-.BR stdout ,
+.Dv stdin ,
+.Dv stdout

 and
 and

-.BR stderr .
-.I Telnetd
+.Dv stderr .
+.Nm Telnetd

 manipulates the master side of the pseudo-terminal,
 implementing the
 manipulates the master side of the pseudo-terminal,
 implementing the

-.B TELNET
+.Tn TELNET

 protocol and passing characters
 between the remote client and the login process.
 protocol and passing characters
 between the remote client and the login process.

-.PP
+.Pp

 When a
 When a

-.B TELNET
+.Tn TELNET

 session is started up, 
 session is started up, 

-.I telnetd
+.Nm telnetd

 sends
 sends

-.B TELNET
+.Tn TELNET

 options to the client side indicating
 options to the client side indicating

-a willingness to do
-.I remote echo
-of characters, to
-.I suppress go
-.IR ahead ,
-to do
-.I remote flow
-.IR control ,
-and to receive
-.I terminal type
-.IR information ,
-.I terminal speed
-.IR information ,
-and
-.I window size information
-from the remote client.
-If the remote client is willing, the remote terminal type is
-propagated in the environment of the created login process.
+a willingness to do the
+following
+.Tn TELNET
+options, which are described in more detail below:
+.Bd -literal -offset indent
+DO AUTHENTICATION
+WILL ENCRYPT
+DO TERMINAL TYPE
+DO TSPEED
+DO XDISPLOC
+DO NEW-ENVIRON
+DO ENVIRON
+WILL SUPPRESS GO AHEAD
+DO ECHO
+DO LINEMODE
+DO NAWS
+WILL STATUS
+DO LFLOW
+DO TIMING-MARK
+.Ed
+.Pp

 The pseudo-terminal allocated to the client is configured
 The pseudo-terminal allocated to the client is configured

-to operate in \*(lqcooked\*(rq mode, and with XTABS and CRMOD
+to operate in \*(lqcooked\*(rq mode, and with
+.Dv XTABS and
+.Dv CRMOD

 enabled (see
 enabled (see

-.IR tty (4)).
-.PP
-.I Telnetd
-is willing to
-.IR do :
-.IR echo ,
-.IR binary ,
-.I suppress go
-.IR ahead ,
-and
-.I timing
-.IR mark .
-.I Telnetd
-is willing to have the remote client
-.IR do :
-.IR linemode ,
-.IR binary ,
-.I terminal
-.IR type ,
-.I terminal
-.IR speed ,
-.I window
-.IR size ,
-.I toggle flow
-.IR control ,
-.IR environment ,
-.I X display
-.IR location ,
-and
-.I suppress go
-.IR ahead .
-.SH "SEE ALSO"
-telnet(1)
-.SH BUGS
+.Xr tty 4 ) .
+.Pp
+.Nm Telnetd
+has support for enabling locally the following
+.Tn TELNET
+options:
+.Bl -tag -width "DO AUTHENTICATION"
+.It "WILL ECHO"
+When the
+.Dv LINEMODE
+option is enabled, a
+.Dv WILL ECHO
+or
+.Dv WONT ECHO
+will be sent to the client to indicate the
+current state of terminal echoing.
+When terminal echo is not desired, a
+.Dv WILL ECHO
+is sent to indicate that
+.Tn telnetd
+will take care of echoing any data that needs to be
+echoed to the terminal, and then nothing is echoed.
+When terminal echo is desired, a
+.Dv WONT ECHO
+is sent to indicate that
+.Tn telnetd
+will not be doing any terminal echoing, so the
+client should do any terminal echoing that is needed.
+.It "WILL BINARY"
+Indicates that the client is willing to send a
+8 bits of data, rather than the normal 7 bits
+of the Network Virtual Terminal.
+.It "WILL SGA"
+Indicates that it will not be sending
+.Dv IAC GA,
+go ahead, commands.
+.It "WILL STATUS"
+Indicates a willingness to send the client, upon
+request, of the current status of all
+.Tn TELNET
+options.
+.It "WILL TIMING-MARK"
+Whenever a
+.Dv DO TIMING-MARK
+command is received, it is always responded
+to with a
+.Dv WILL TIMING-MARK
+.It "WILL LOGOUT"
+When a
+.Dv DO LOGOUT
+is received, a
+.Dv WILL LOGOUT
+is sent in response, and the
+.Tn TELNET
+session is shut down.
+.It "WILL ENCRYPT"
+Only sent if
+.Nm telnetd
+is compiled with support for data encryption, and
+indicates a willingness to decrypt
+the data stream.
+.El
+.Pp
+.Nm Telnetd
+has support for enabling remotely the following
+.Tn TELNET
+options:
+.Bl -tag -width "DO AUTHENTICATION"
+.It "DO BINARY"
+Sent to indicate that
+.Tn telnetd
+is willing to receive an 8 bit data stream.
+.It "DO LFLOW"
+Requests that the client handle flow control
+characters remotely.
+.It "DO ECHO"
+This is not really supported, but is sent to identify a 4.2BSD
+.Xr telnet 1
+client, which will improperly respond with
+.Dv WILL ECHO.
+If a
+.Dv WILL ECHO
+is received, a
+.Dv DONT ECHO
+will be sent in response.
+.It "DO TERMINAL-TYPE"
+Indicates a desire to be able to request the
+name of the type of terminal that is attached
+to the client side of the connection.
+.It "DO SGA"
+Indicates that it does not need to receive
+.Dv IAC GA,
+the go ahead command.
+.It "DO NAWS"
+Requests that the client inform the server when
+the window (display) size changes.
+.It "DO TERMINAL-SPEED"
+Indicates a desire to be able to request information
+about the speed of the serial line to which
+the client is attached.
+.It "DO XDISPLOC"
+Indicates a desire to be able to request the name
+of the X windows display that is associated with
+the telnet client.
+.It "DO NEW-ENVIRON"
+Indicates a desire to be able to request environment
+variable information, as described in RFC 1572.
+.It "DO ENVIRON"
+Indicates a desire to be able to request environment
+variable information, as described in RFC 1408.
+.It "DO LINEMODE"
+Only sent if
+.Nm telnetd
+is compiled with support for linemode, and
+requests that the client do line by line processing.
+.It "DO TIMING-MARK"
+Only sent if
+.Nm telnetd
+is compiled with support for both linemode and
+kludge linemode, and the client responded with
+.Dv WONT LINEMODE.
+If the client responds with
+.Dv WILL TM,
+the it is assumed that the client supports
+kludge linemode.
+Note that the
+.Op Fl k
+option can be used to disable this.
+.It "DO AUTHENTICATION"
+Only sent if
+.Nm telnetd
+is compiled with support for authentication, and
+indicates a willingness to receive authentication
+information for automatic login.
+.It "DO ENCRYPT"
+Only sent if
+.Nm telnetd
+is compiled with support for data encryption, and
+indicates a willingness to decrypt
+the data stream.
+.Sh ENVIRONMENT
+.Sh FILES
+.Pa /etc/services
+.br
+.Pa /etc/inittab
+(UNICOS systems only)
+.br
+.Pa /etc/iptos
+(if supported)
+.br
+.Pa /usr/ucb/bftp
+(if supported)
+.Sh "SEE ALSO"
+.Xr telnet 1 ,
+.Xr login 1 ,
+.Xr bftp 1
+(if supported)
+.Sh STANDARDS
+.Bl -tag -compact -width RFC-1572
+.It Cm RFC-854
+.Tn TELNET
+PROTOCOL SPECIFICATION
+.It Cm RFC-855
+TELNET OPTION SPECIFICATIONS
+.It Cm RFC-856
+TELNET BINARY TRANSMISSION
+.It Cm RFC-857
+TELNET ECHO OPTION
+.It Cm RFC-858
+TELNET SUPPRESS GO AHEAD OPTION
+.It Cm RFC-859
+TELNET STATUS OPTION
+.It Cm RFC-860
+TELNET TIMING MARK OPTION
+.It Cm RFC-861
+TELNET EXTENDED OPTIONS - LIST OPTION
+.It Cm RFC-885
+TELNET END OF RECORD OPTION
+.It Cm RFC-1073
+Telnet Window Size Option
+.It Cm RFC-1079
+Telnet Terminal Speed Option
+.It Cm RFC-1091
+Telnet Terminal-Type Option
+.It Cm RFC-1096
+Telnet X Display Location Option
+.It Cm RFC-1123
+Requirements for Internet Hosts -- Application and Support
+.It Cm RFC-1184
+Telnet Linemode Option
+.It Cm RFC-1372
+Telnet Remote Flow Control Option
+.It Cm RFC-1416
+Telnet Authentication Option
+.It Cm RFC-1411
+Telnet Authentication: Kerberos Version 4
+.It Cm RFC-1412
+Telnet Authentication: SPX
+.It Cm RFC-1571
+Telnet Environment Option Interoperability Issues
+.It Cm RFC-1572
+Telnet Environment Option
+.Sh BUGS

 Some
 Some

-.B TELNET
+.Tn TELNET

 commands are only partially implemented.
 commands are only partially implemented.

-.PP
+.Pp

 Because of bugs in the original 4.2 BSD
 Because of bugs in the original 4.2 BSD

-.IR telnet (1),
-.I telnetd
+.Xr telnet 1 ,
+.Nm telnetd

 performs some dubious protocol exchanges to try to discover if the remote
 client is, in fact, a 4.2 BSD
 performs some dubious protocol exchanges to try to discover if the remote
 client is, in fact, a 4.2 BSD

-.IR telnet (1).
-.PP
-.I Binary mode
+.Xr telnet 1 .
+.Pp
+Binary mode

 has no common interpretation except between similar operating systems
 (Unix in this case).
 has no common interpretation except between similar operating systems
 (Unix in this case).

-.PP
+.Pp

 The terminal type name received from the remote client is converted to
 lower case.
 The terminal type name received from the remote client is converted to
 lower case.

-.PP
-.I Telnetd
+.Pp
+.Nm Telnetd

 never sends
 never sends

-.B TELNET
-.I go ahead
-commands.
+.Tn TELNET
+.Dv IAC GA
+(go ahead) commands.