.\" Copyright (c) 1983 Regents of the University of California.
.\" All rights reserved. The Berkeley software License Agreement
.\" specifies the terms and conditions for redistribution.
.\"
.\" @(#)rlogind.8c 6.3 (Berkeley) 5/24/86
.\"
.TH RLOGIND 8 "May 24, 1986"
.UC 5
.SH NAME
rlogind, in.rlogind \- remote login server
.SH SYNOPSIS
.B "login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind"
.br
.B "tcpd login /usr/sbin/in.rlogind"
.SH DESCRIPTION
.B Rlogind
is the server for the
.BR rlogin (1)
program. The server provides a remote login facility
with authentication based on privileged port numbers from trusted hosts.
.PP
.B Rlogind
listens for service requests at the port indicated in
the ``login'' service specification; see
.BR services (5).
When a service request is received the following protocol
is initiated:
.IP 1)
The server checks the client's source port.
If the port is not in the range 0-1023, the server
aborts the connection.
.IP 2)
The server checks the client's source address
and requests the corresponding host name (see
.BR gethostbyaddr (3),
.BR hosts (5)
and
.BR named (8)).
If the hostname cannot be determined,
the dot-notation representation of the host address is used.
.PP
Once the source port and address have been checked,
.B rlogind
allocates a pseudo terminal (see
.BR tty (4)),
and manipulates file descriptors so that the slave
half of the pseudo terminal becomes the
.B stdin ,
.B stdout ,
and
.B stderr
for a login process.
The login process is an instance of the
.BR login (1)
program, invoked with the
.B \-r
option. The login process then proceeds with the authentication
process as described in
.BR rshd (8),
but if automatic authentication fails, it reprompts the user
to log in as one finds on a standard terminal line.
.PP
The parent of the login process manipulates the master side of
the pseudo terminal, operating as an intermediary
between the login process and the client instance of the
.B rlogin
program. In normal operation, the packet protocol described
in
.BR tty (4)
is invoked to provide ^S/^Q type facilities and propagate
interrupt signals to the remote programs. The login process
propagates the client terminal's baud rate and terminal type,
as found in the environment variable, ``TERM''; see
.BR environ (7).
The screen or window size of the terminal is requested from the client,
and window size changes from the client are propagated to the pseudo terminal.
.SH "SEE ALSO"
.BR rlogin (1).
.SH DIAGNOSTICS
All diagnostic messages are returned on the connection
associated with the
.BR stderr ,
after which any network connections are closed.
An error is indicated by a leading byte with a value of 1.
.PP
.B ``Try again.''
.br
A
.B fork
by the server failed.
.PP
.B ``/bin/sh: ...''
.br
The user's login shell could not be started.
.SH BUGS
The authentication procedure used here assumes the integrity
of each client machine and the connecting medium. This is
insecure, but is useful in an ``open'' environment.
.PP
A facility to allow all data exchanges to be encrypted should be
present.
.PP
A more extensible protocol should be used.
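
Steps 1) and 2) of the protocol in DESCRIPTION, written out in C as an added example; this is not the rlogind source and not part of the original manual page. The function names, the resolve flag and the 192.0.2.10 sample peer are assumptions made for illustration; the port range is the 0-1023 the page states.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Step 1: the source port must be in 0-1023. sin_port is in network byte
 * order; without ntohs(), port 1024 (0x0400) reads as 4 on little-endian. */
int port_ok(const struct sockaddr_in *peer)
{
    return peer->sin_family == AF_INET && ntohs(peer->sin_port) <= 1023;
}

/* Steps 1 and 2. Returns -1 to abort the connection, 1 if a host name was
 * found, 0 if the dot-notation address was used. resolve=0 (an assumption
 * of this example) skips the lookup so the fallback can be shown offline. */
int check_peer(const struct sockaddr_in *peer, int resolve,
               char *name, size_t len)
{
    struct hostent *hp = NULL;
    if (!port_ok(peer))
        return -1;
    if (resolve)  /* reverse lookup with gethostbyaddr(3), as on the page */
        hp = gethostbyaddr(&peer->sin_addr, sizeof peer->sin_addr, AF_INET);
    if (hp != NULL && strlen(hp->h_name) < len) {
        strcpy(name, hp->h_name);
        return 1;
    }
    return inet_ntop(AF_INET, &peer->sin_addr, name, len) ? 0 : -1;
}

/* Constructed peer address (documentation range), not real traffic. */
struct sockaddr_in sample_peer(const char *ip, unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

int main(void)
{
    char name[256];
    struct sockaddr_in p = sample_peer("192.0.2.10", 1023);
    int rc = check_peer(&p, 0, name, sizeof name);
    printf("%d %s\n", rc, name);   /* prints: 0 192.0.2.10 */
    return 0;
}
```

A name returned by the reverse lookup is whatever the owner of the peer's reverse DNS zone publishes, which is one reason BUGS says the procedure assumes the integrity of the client machine and the connecting medium.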