.\" Copyright (c) 1983 Regents of the University of California.
.\" All rights reserved. The Berkeley software License Agreement
.\" specifies the terms and conditions for redistribution.
.\"
.\" @(#)rlogind.8c 6.3 (Berkeley) 5/24/86
.\"
.TH RLOGIND 8 "May 24, 1986"
.UC 5
.SH NAME
rlogind, in.rlogind \- remote login server
.SH SYNOPSIS
.B "login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind"
.br
.B "tcpd login /usr/sbin/in.rlogind"
.SH DESCRIPTION
.B Rlogind
is the server for the
.BR rlogin (1)
program. The server provides a remote login facility
with authentication based on privileged port numbers from trusted hosts.
.PP
.B Rlogind
listens for service requests at the port indicated in
the ``login'' service specification; see
.BR services (5).
When a service request is received the following protocol
is initiated:
.IP 1)
The server checks the client's source port.
If the port is not in the range 0-1023, the server
aborts the connection.
.IP 2)
The server checks the client's source address
and requests the corresponding host name (see
.BR gethostbyaddr (3),
.BR hosts (5)
and
.BR named (8)).
If the hostname cannot be determined,
the dot-notation representation of the host address is used.
.PP
Once the source port and address have been checked,
.B rlogind
allocates a pseudo terminal (see
.BR tty (4)),
and manipulates file descriptors so that the slave
half of the pseudo terminal becomes the
.BR stdin ,
.BR stdout ,
and
.B stderr
for a login process.
The login process is an instance of the
.BR login (1)
program, invoked with the
.B \-r
option. The login process then proceeds with the authentication
process as described in
.BR rshd (8),
but if automatic authentication fails, it reprompts the user
to log in as one finds on a standard terminal line.
.PP
The parent of the login process manipulates the master side of
the pseudo terminal, operating as an intermediary
between the login process and the client instance of the
.B rlogin
program. In normal operation, the packet protocol described
in
.BR tty (4)
is invoked to provide ^S/^Q type facilities and propagate
interrupt signals to the remote programs. The login process
propagates the client terminal's baud rate and terminal type,
as found in the environment variable, ``TERM''; see
.BR environ (7).
The screen or window size of the terminal is requested from the client,
and window size changes from the client are propagated to the pseudo terminal.
.SH "SEE ALSO"
.BR rlogin (1).
.SH DIAGNOSTICS
All diagnostic messages are returned on the connection
associated with the
.BR stderr ,
after which any network connections are closed.
An error is indicated by a leading byte with a value of 1.
.PP
.B ``Try again.''
.br
A
.B fork
by the server failed.
.PP
.B ``/bin/sh: ...''
.br
The user's login shell could not be started.
.SH BUGS
The authentication procedure used here assumes the integrity
of each client machine and the connecting medium. This is
insecure, but is useful in an ``open'' environment.
.PP
A facility to allow all data exchanges to be encrypted should be
present.
.PP
A more extensible protocol should be used.
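
The two checks in steps 1) and 2) of DESCRIPTION, written out as an added C example; this is not code from rlogind or from the original page. The names `check_peer`, `lookup_fn`, `dns_lookup`, `no_name` and `fixed_name`, and the sample address and host name, are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical hook so the lookup can be swapped out; returns 0 on success. */
typedef int (*lookup_fn)(const struct sockaddr_in *peer, char *name, size_t len);

/* Reverse lookup with gethostbyaddr(3), the call the page cites. */
int dns_lookup(const struct sockaddr_in *peer, char *name, size_t len)
{
    struct hostent *hp = gethostbyaddr(&peer->sin_addr, sizeof(peer->sin_addr), AF_INET);
    if (hp == NULL)
        return -1;
    snprintf(name, len, "%s", hp->h_name);   /* truncates, never overflows */
    return 0;
}

/* Offline stubs: one finds no name, one returns a constructed name. */
int no_name(const struct sockaddr_in *p, char *n, size_t l) { (void)p; (void)n; (void)l; return -1; }
int fixed_name(const struct sockaddr_in *p, char *n, size_t l) { (void)p; snprintf(n, l, "client.example"); return 0; }

/* Returns 0 and fills name when the peer passes; -1 means abort the connection. */
int check_peer(const struct sockaddr_in *peer, lookup_fn lookup, char *name, size_t len)
{
    /* Step 1: the source port must be in the range 0-1023. */
    if (ntohs(peer->sin_port) > 1023)
        return -1;
    /* Step 2: host name for the source address, else its dot-notation form. */
    if (lookup(peer, name, len) != 0 &&
        inet_ntop(AF_INET, &peer->sin_addr, name, (socklen_t)len) == NULL)
        return -1;
    return 0;
}

int main(void)
{
    char name[256];
    struct sockaddr_in peer;                       /* constructed sample peer */
    memset(&peer, 0, sizeof(peer));
    peer.sin_family = AF_INET;
    peer.sin_port = htons(1022);
    inet_pton(AF_INET, "192.0.2.7", &peer.sin_addr);
    if (check_peer(&peer, no_name, name, sizeof(name)) == 0)
        printf("accepted, host \"%s\"\n", name);
    return 0;
}
```

Both inputs to the decision, the source port and the name returned for the source address, are supplied by the client host and the name service, which is the integrity assumption the BUGS section states.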