103 lines
3.1 KiB
Groff
103 lines
3.1 KiB
Groff
.\" Copyright (c) 1983 Regents of the University of California.
|
|
.\" All rights reserved. The Berkeley software License Agreement
|
|
.\" specifies the terms and conditions for redistribution.
|
|
.\"
|
|
.\" @(#)rlogind.8c 6.3 (Berkeley) 5/24/86
|
|
.\"
|
|
.TH RLOGIND 8 "May 24, 1986"
|
|
.UC 5
|
|
.SH NAME
|
|
rlogind, in.rlogind \- remote login server
|
|
.SH SYNOPSIS
|
|
.B "login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind"
|
|
.br
|
|
.B "tcpd login /usr/sbin/in.rlogind"
|
|
.SH DESCRIPTION
|
|
.B Rlogind
|
|
is the server for the
|
|
.BR rlogin (1)
|
|
program. The server provides a remote login facility
|
|
with authentication based on privileged port numbers from trusted hosts.
|
|
.PP
|
|
.B Rlogind
|
|
listens for service requests at the port indicated in
|
|
the ``login'' service specification; see
|
|
.BR services (5).
|
|
When a service request is received the following protocol
|
|
is initiated:
|
|
.IP 1)
|
|
The server checks the client's source port.
|
|
If the port is not in the range 0-1023, the server
|
|
aborts the connection.
|
|
.IP 2)
|
|
The server checks the client's source address
|
|
and requests the corresponding host name (see
|
|
.BR gethostbyaddr (3),
|
|
.BR hosts (5)
|
|
and
|
|
.BR named (8)).
|
|
If the hostname cannot be determined,
|
|
the dot-notation representation of the host address is used.
|
|
.PP
|
|
Once the source port and address have been checked,
|
|
.B rlogind
|
|
allocates a pseudo terminal (see
|
|
.BR tty (4)),
|
|
and manipulates file descriptors so that the slave
|
|
half of the pseudo terminal becomes the
|
|
.B stdin ,
|
|
.B stdout ,
|
|
and
|
|
.B stderr
|
|
for a login process.
|
|
The login process is an instance of the
|
|
.BR login (1)
|
|
program, invoked with the
|
|
.B \-r
|
|
option. The login process then proceeds with the authentication
|
|
process as described in
|
|
.BR rshd (8),
|
|
but if automatic authentication fails, it reprompts the user
|
|
to login as one finds on a standard terminal line.
|
|
.PP
|
|
The parent of the login process manipulates the master side of
|
|
the pseduo terminal, operating as an intermediary
|
|
between the login process and the client instance of the
|
|
.B rlogin
|
|
program. In normal operation, the packet protocol described
|
|
in
|
|
.BR tty (4)
|
|
is invoked to provide ^S/^Q type facilities and propagate
|
|
interrupt signals to the remote programs. The login process
|
|
propagates the client terminal's baud rate and terminal type,
|
|
as found in the environment variable, ``TERM''; see
|
|
.BR environ (7).
|
|
The screen or window size of the terminal is requested from the client,
|
|
and window size changes from the client are propagated to the pseudo terminal.
|
|
.SH "SEE ALSO"
|
|
.BR rlogin (1).
|
|
.SH DIAGNOSTICS
|
|
All diagnostic messages are returned on the connection
|
|
associated with the
|
|
.BR stderr ,
|
|
after which any network connections are closed.
|
|
An error is indicated by a leading byte with a value of 1.
|
|
.PP
|
|
.B ``Try again.''
|
|
.br
|
|
A
|
|
.B fork
|
|
by the server failed.
|
|
.PP
|
|
.B ``/bin/sh: ...''
|
|
.br
|
|
The user's login shell could not be started.
|
|
.SH BUGS
|
|
The authentication procedure used here assumes the integrity
|
|
of each client machine and the connecting medium. This is
|
|
insecure, but is useful in an ``open'' environment.
|
|
.PP
|
|
A facility to allow all data exchanges to be encrypted should be
|
|
present.
|
|
.PP
|
|
A more extensible protocol should be used.
|