.\" Copyright (c) 1983 Regents of the University of California.
.\" All rights reserved. The Berkeley software License Agreement
.\" specifies the terms and conditions for redistribution.
.\"
.\" @(#)rlogind.8c 6.3 (Berkeley) 5/24/86
.\"
.TH RLOGIND 8 "May 24, 1986"
.UC 5
.SH NAME
rlogind, in.rlogind \- remote login server
.SH SYNOPSIS
.B "login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind"
.br
.B "tcpd login /usr/sbin/in.rlogind"
.SH DESCRIPTION
.B Rlogind
is the server for the
.BR rlogin (1)
program. The server provides a remote login facility
with authentication based on privileged port numbers from trusted hosts.
.PP
.B Rlogind
listens for service requests at the port indicated in
the ``login'' service specification; see
.BR services (5).
When a service request is received the following protocol
is initiated:
.IP 1)
The server checks the client's source port.
If the port is not in the range 0-1023, the server
aborts the connection.
.IP 2)
The server checks the client's source address
and requests the corresponding host name (see
.BR gethostbyaddr (3),
.BR hosts (5)
and
.BR named (8)).
If the hostname cannot be determined,
the dot-notation representation of the host address is used.
.PP
Once the source port and address have been checked,
.B rlogind
allocates a pseudo terminal (see
.BR tty (4)),
and manipulates file descriptors so that the slave
half of the pseudo terminal becomes the
.BR stdin ,
.BR stdout ,
and
.B stderr
for a login process.
The login process is an instance of the
.BR login (1)
program, invoked with the
.B \-r
option. The login process then proceeds with the authentication
process as described in
.BR rshd (8),
but if automatic authentication fails, it reprompts the user
to log in as one finds on a standard terminal line.
.PP
The parent of the login process manipulates the master side of
the pseudo terminal, operating as an intermediary
between the login process and the client instance of the
.B rlogin
program. In normal operation, the packet protocol described
in
.BR tty (4)
is invoked to provide ^S/^Q type facilities and propagate
interrupt signals to the remote programs. The login process
propagates the client terminal's baud rate and terminal type,
as found in the environment variable, ``TERM''; see
.BR environ (7).
The screen or window size of the terminal is requested from the client,
and window size changes from the client are propagated to the pseudo terminal.
.SH "SEE ALSO"
.BR rlogin (1).
.SH DIAGNOSTICS
All diagnostic messages are returned on the connection
associated with the
.BR stderr ,
after which any network connections are closed.
An error is indicated by a leading byte with a value of 1.
.PP
.B ``Try again.''
.br
A
.B fork
by the server failed.
.PP
.B ``/bin/sh: ...''
.br
The user's login shell could not be started.
.SH BUGS
The authentication procedure used here assumes the integrity
of each client machine and the connecting medium. This is
insecure, but is useful in an ``open'' environment.
.PP
A facility to allow all data exchanges to be encrypted should be
present.
.PP
A more extensible protocol should be used.
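
The two checks in steps 1) and 2) of DESCRIPTION, as an added C example that is not part of the original manual page or the rlogind source. The function names, the do_lookup switch and the 192.0.2.7 peer are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Step 1: source port must be in 0-1023, else abort. Passing shows only that
 * the sender could bind a reserved port on its own host (see BUGS). */
int source_port_ok(const struct sockaddr_in *peer)
{
    return ntohs(peer->sin_port) <= 1023;
}

/* Step 2: host name via gethostbyaddr(3); dot notation if none is found.
 * do_lookup is a hypothetical switch so the fallback can run offline. */
const char *client_name(const struct sockaddr_in *peer, int do_lookup,
                        char *out, size_t len)
{
    struct hostent *hp = do_lookup
        ? gethostbyaddr(&peer->sin_addr, sizeof peer->sin_addr, AF_INET) : NULL;
    if (hp != NULL && snprintf(out, len, "%s", hp->h_name) >= 0)
        return out;
    return inet_ntop(AF_INET, &peer->sin_addr, out, (socklen_t)len);
}

/* Both steps in order: 0 with name filled in, or -1 to abort the connection. */
int check_client(const struct sockaddr_in *peer, int do_lookup, char *name, size_t len)
{
    if (peer->sin_family != AF_INET || !source_port_ok(peer))
        return -1;
    return client_name(peer, do_lookup, name, len) ? 0 : -1;
}

/* Constructed peer for the example: 192.0.2.7 is a documentation address. */
struct sockaddr_in sample_peer(unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    inet_pton(AF_INET, "192.0.2.7", &sa.sin_addr);
    return sa;
}

int main(void)
{
    char name[64];
    struct sockaddr_in p = sample_peer(1023);
    return check_client(&p, 0, name, sizeof name) == 0 ? puts(name) < 0 : 1;
}
```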