1.\" Copyright (c) 1983, 1989, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)rlogind.8 8.1 (Berkeley) 6/4/93
|
33.\" $FreeBSD: head/libexec/rlogind/rlogind.8 55562 2000-01-07 13:14:32Z phantom $
|
33.\" $FreeBSD: head/libexec/rlogind/rlogind.8 56590 2000-01-25 14:52:10Z shin $ |
34.\" 35.Dd June 4, 1993 36.Dt RLOGIND 8 37.Os BSD 4.2 38.Sh NAME 39.Nm rlogind 40.Nd remote login server 41.Sh SYNOPSIS 42.Nm rlogind 43.Op Fl Daln 44.Sh DESCRIPTION 45.Nm Rlogind 46is the server for the 47.Xr rlogin 1 48program. The server provides a remote login facility 49with authentication based on privileged port numbers from trusted hosts. 50.Pp 51Options supported by 52.Nm Ns : 53.Bl -tag -width indent 54.It Fl D 55Set TCP_NODELAY socket option. This improves responsiveness at the expense of 56some additional network traffic. 57.It Fl a 58Ask hostname for verification. 59.It Fl l 60Prevent any authentication based on the user's 61.Dq Pa .rhosts 62file, unless the user is logging in as the superuser. 63.It Fl n 64Disable keep-alive messages. 65.El 66.Pp 67The following options are valid only if Kerberos is in use: 68.Bl -tag -width indent 69.It Fl k 70Enable Kerberos authentication. 71.It Fl v 72Enable vacuous mode. 73.It Fl x 74Enable 75.Tn DES 76encryption for all data passed via the rlogin 77session. This may impact response time 78and 79.Tn CPU 80utilization, but provides increased security. 81.El 82.Pp 83.Nm Rlogind 84listens for service requests at the port indicated in 85the 86.Dq login 87service specification; see 88.Xr services 5 . 89When a service request is received the following protocol 90is initiated: 91.Bl -enum 92.It 93The server checks the client's source port. 94If the port is not in the range 512-1023, the server 95aborts the connection. 96.It 97The server checks the client's source address 98and requests the corresponding host name (see 99.Xr gethostbyaddr 3 , 100.Xr hosts 5 101and 102.Xr named 8 ) . 103If the hostname cannot be determined, 104the dot-notation representation of the host address is used. 
105If the hostname is in the same domain as the server (according to 106the last two components of the domain name), 107or if the 108.Fl a 109option is given, 110the addresses for the hostname are requested, 111verifying that the name and address correspond. 112Normal authentication is bypassed if the address verification fails. 113.El 114.Pp 115Once the source port and address have been checked, 116.Nm 117proceeds with the authentication process described in 118.Xr rshd 8 . 119It then allocates a pseudo terminal (see 120.Xr pty 4 ) , 121and manipulates file descriptors so that the slave 122half of the pseudo terminal becomes the 123.Em stdin , 124.Em stdout , 125and 126.Em stderr 127for a login process. 128The login process is an instance of the 129.Xr login 1 130program, invoked with the 131.Fl f 132option if authentication has succeeded. 133If automatic authentication fails, the user is 134prompted to log in as if on a standard terminal line. 135.Pp 136The parent of the login process manipulates the master side of 137the pseudo terminal, operating as an intermediary 138between the login process and the client instance of the 139.Xr rlogin 1 140program. In normal operation, the packet protocol described 141in 142.Xr pty 4 143is invoked to provide 144.Ql ^S/^Q 145type facilities and propagate 146interrupt signals to the remote programs. The login process 147propagates the client terminal's baud rate and terminal type, 148as found in the environment variable, 149.Ql Ev TERM ; 150see 151.Xr environ 7 . 152The screen or window size of the terminal is requested from the client, 153and window size changes from the client are propagated to the pseudo terminal. 154.Pp 155Transport-level keepalive messages are enabled unless the 156.Fl n 157option is present. 158The use of keepalive messages allows sessions to be timed out 159if the client crashes or becomes unreachable. 
160.Sh DIAGNOSTICS 161All initial diagnostic messages are indicated 162by a leading byte with a value of 1, 163after which any network connections are closed. 164If there are no errors before 165.Xr login 1 166is invoked, a null byte is returned as in indication of success. 167.Bl -tag -width Ds 168.It Sy Try again. 169A 170.Xr fork 2 171by the server failed. 172.El 173.Sh SEE ALSO 174.Xr login 1 , 175.Xr ruserok 3 , 176.Xr hosts.equiv 5 , 177.Xr hosts 5 , 178.Xr login.conf 5 , 179.Xr nologin 5 , 180.Xr services 5 , 181.Xr rshd 8 . 182.Sh FILES 183.Bl -tag -width /etc/hostsxxxxxxxx -compact 184.It Pa /etc/hosts 185.It Pa /etc/hosts.equiv 186.Sm off 187.It Pa Ev $HOME /.rhosts 188.Sm on 189.It Pa /var/run/nologin 190.El 191.Sh BUGS 192The authentication procedure used here assumes the integrity 193of each client machine and the connecting medium. This is 194insecure, but is useful in an 195.Dq open 196environment. 197.Pp 198A facility to allow all data exchanges to be encrypted should be 199present. 200.Pp 201A more extensible protocol should be used. 202.Sh HISTORY 203The 204.Nm 205command appeared in 206.Bx 4.2 .
|
207.Pp 208IPv6 support was added by WIDE/KAME project. |
|
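Review bot: the DESCRIPTION still documents the source-address check in IPv4-only terms, even though the new HISTORY entry at lines 207-208 announces IPv6 support. Step 2 of the protocol list (lines 97-112) cites gethostbyaddr(3) and says that "the dot-notation representation of the host address is used" when no hostname can be determined. Neither statement is updated for an IPv6 peer. Because the BUGS section already concedes that this authentication assumes the integrity of the client machine and the connecting medium, the page should state how the name/address verification and the fallback address representation behave over IPv6, so an administrator can tell which string the trust decision is made on. Two smaller points on the added text: "by WIDE/KAME project" is missing the article ("by the WIDE/KAME project"), and unlike the ".Bx 4.2" entry just above it, the new sentence names no release in which the support first appeared.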