]> git.saurik.com Git - apple/network_cmds.git/blame - rlogind.tproj/rlogind.8
network_cmds-176.tar.gz
[apple/network_cmds.git] / rlogind.tproj / rlogind.8
CommitLineData
b7080c8e
A
1.\" Copyright (c) 1983, 1989, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\" notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\" notice, this list of conditions and the following disclaimer in the
11.\" documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\" must display the following acknowledgement:
14.\" This product includes software developed by the University of
15.\" California, Berkeley and its contributors.
16.\" 4. Neither the name of the University nor the names of its contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" @(#)rlogind.8 8.1 (Berkeley) 6/4/93
33.\"
34.Dd June 4, 1993
35.Dt RLOGIND 8
36.Os BSD 4.2
37.Sh NAME
38.Nm rlogind
39.Nd remote login server
40.Sh SYNOPSIS
41.Nm rlogind
42.Op Fl aln
43.Sh DESCRIPTION
44.Nm Rlogind
45is the server for the
46.Xr rlogin 1
47program. The server provides a remote login facility
48with authentication based on privileged port numbers from trusted hosts.
49.Pp
50Options supported by
51.Nm rlogind :
52.Bl -tag -width Ds
53.It Fl a
54Ask hostname for verification.
55.It Fl l
56Prevent any authentication based on the user's
57.Dq Pa .rhosts
58file, unless the user is logging in as the superuser.
59.It Fl n
60Disable keep-alive messages.
61.El
62.Pp
63.Nm Rlogind
64listens for service requests at the port indicated in
65the ``login'' service specification; see
66.Xr services 5 .
67When a service request is received the following protocol
68is initiated:
69.Bl -enum
70.It
71The server checks the client's source port.
72If the port is not in the range 512-1023, the server
73aborts the connection.
74.It
75The server checks the client's source address
76and requests the corresponding host name (see
77.Xr gethostbyaddr 3 ,
78.Xr hosts 5
79and
80.Xr named 8 ) .
81If the hostname cannot be determined,
82the dot-notation representation of the host address is used.
83If the hostname is in the same domain as the server (according to
84the last two components of the domain name),
85or if the
86.Fl a
87option is given,
88the addresses for the hostname are requested,
89verifying that the name and address correspond.
90Normal authentication is bypassed if the address verification fails.
91.El
92.Pp
93Once the source port and address have been checked,
94.Nm rlogind
95proceeds with the authentication process described in
96.Xr rshd 8 .
97It then allocates a pseudo terminal (see
98.Xr pty 4 ) ,
99and manipulates file descriptors so that the slave
100half of the pseudo terminal becomes the
101.Em stdin ,
102.Em stdout ,
103and
104.Em stderr
105for a login process.
106The login process is an instance of the
107.Xr login 1
108program, invoked with the
109.Fl f
110option if authentication has succeeded.
111If automatic authentication fails, the user is
112prompted to log in as if on a standard terminal line.
113.Pp
114The parent of the login process manipulates the master side of
115the pseudo terminal, operating as an intermediary
116between the login process and the client instance of the
117.Xr rlogin
118program. In normal operation, the packet protocol described
119in
120.Xr pty 4
121is invoked to provide
122.Ql ^S/^Q
123type facilities and propagate
124interrupt signals to the remote programs. The login process
125propagates the client terminal's baud rate and terminal type,
126as found in the environment variable,
127.Ql Ev TERM ;
128see
129.Xr environ 7 .
130The screen or window size of the terminal is requested from the client,
131and window size changes from the client are propagated to the pseudo terminal.
132.Pp
133Transport-level keepalive messages are enabled unless the
134.Fl n
135option is present.
136The use of keepalive messages allows sessions to be timed out
137if the client crashes or becomes unreachable.
138.Sh DIAGNOSTICS
139All initial diagnostic messages are indicated
140by a leading byte with a value of 1,
141after which any network connections are closed.
142If there are no errors before
143.Xr login
144is invoked, a null byte is returned as in indication of success.
145.Bl -tag -width Ds
146.It Sy Try again.
147A
148.Xr fork
149by the server failed.
150.El
151.Sh SEE ALSO
152.Xr login 1 ,
153.Xr ruserok 3 ,
154.Xr rshd 8
155.Sh BUGS
156The authentication procedure used here assumes the integrity
157of each client machine and the connecting medium. This is
158insecure, but is useful in an ``open'' environment.
159.Pp
160A facility to allow all data exchanges to be encrypted should be
161present.
162.Pp
163A more extensible protocol should be used.
164.Sh HISTORY
165The
166.Nm
167command appeared in
168.Bx 4.2 .