.\" $NetBSD: rlogind.8,v 1.11 2000/05/30 05:21:49 itojun Exp $
.\"
.\" Copyright (c) 1983, 1989, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" from: @(#)rlogind.8 8.1 (Berkeley) 6/4/93
.\"
.Dd November 8, 1996
.Dt RLOGIND 8
.Os
.Sh NAME
.Nm rlogind
.Nd remote login server
.Sh SYNOPSIS
.Nm
.Op Fl alnL
.Sh DESCRIPTION
.Nm
is the server for the
.Xr rlogin 1
program.
The server provides a remote login facility with authentication
based on privileged port numbers from trusted hosts.
.Pp
Options supported by
.Nm "" :
.Bl -tag -width Ds
.It Fl a
Always verify the client's host name by resolving it back to its
addresses, not only for hosts in the server's own domain (see below).
.It Fl l
Prevent any authentication based on the user's
.Dq Pa .rhosts
file, unless the user is logging in as the superuser.
.It Fl n
Disable keep-alive messages.
.It Fl L
Log all successful accesses to
.Xr syslogd 8
as
.Li auth.info
messages.
.El
.Pp
.Nm
listens for service requests at the port indicated in
the ``login'' service specification; see
.Xr services 5 .
When a service request is received the following protocol is initiated:
.Bl -enum
.It
The server checks the client's source port.
If the port is not in the range 512-1023, the server
aborts the connection.
.It
The server checks the client's source address
and requests the corresponding host name (see
.Xr gethostbyaddr 3 ,
.Xr hosts 5
and
.Xr named 8 ) .
If the hostname cannot be determined,
the dot-notation representation of the host address is used.
If the hostname is in the same domain as the server (according to
the last two components of the domain name),
or if the
.Fl a
option is given,
the addresses for the hostname are requested,
verifying that the name and address correspond.
If the address verification fails, automatic (host-based)
authentication is skipped and the user must authenticate with a
password, as described below.
.El
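.Pp
The two checks above, modelled as an added example that is not code from
.Nm
or from NetBSD.
The resolver is injected as two callables so the example runs offline, the
server's own host name is passed in explicitly, and the verify_all flag stands
in for the
.Fl a
option; all three are assumptions of the example, as is the constructed DNS
data at the bottom.

```python
"""Added example, not code from rlogind(8) or NetBSD: the pre-authentication
checks rlogind performs on a new connection, modelled in Python.

Assumptions (not stated on the manual page): the resolver is injected as two
callables so the example runs offline, the server's own host name is passed
in explicitly, and `verify_all` stands for the -a option.
"""
import ipaddress

PRIV_PORT_LOW, PRIV_PORT_HIGH = 512, 1023


def same_domain(client_host, server_host):
    """rlogind's locality rule: compare the last two domain components."""
    c = client_host.lower().rstrip(".").split(".")
    s = server_host.lower().rstrip(".").split(".")
    return len(c) >= 2 and len(s) >= 2 and c[-2:] == s[-2:]


def check_client(addr, port, server_host, reverse, forward, verify_all=False):
    """Return (keep_connection, hostname_for_auth, reason).

    keep_connection is False when rlogind aborts the connection outright.
    hostname_for_auth is the name handed to host-based (.rhosts) checks:
    the dotted address when no name could be determined, or None when the
    forward lookup did not confirm the name, so that automatic
    authentication is skipped and the user gets a password prompt.
    reverse(addr) returns a host name or None; forward(name) returns the
    list of addresses for the name.
    """
    ip = ipaddress.ip_address(addr)

    # BUGS: IPv4-mapped addresses on an AF_INET6 socket are rejected outright.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return False, None, "IPv4-mapped address on AF_INET6 socket"

    # Step 1: the client must have bound a privileged port (512-1023),
    # which on the client host requires root.
    if not PRIV_PORT_LOW <= port <= PRIV_PORT_HIGH:
        return False, None, "source port %d not in 512-1023" % port

    # Step 2: reverse lookup of the source address; fall back to dotted form.
    name = reverse(addr)
    if name is None:
        return True, str(ip), "no name for address; using dotted form"

    # Names in our own domain, or all names under -a, are forward-confirmed.
    if verify_all or same_domain(name, server_host):
        if not any(ipaddress.ip_address(a) == ip for a in forward(name)):
            return True, None, "forward lookup of %s does not yield %s" % (name, addr)
        return True, name, "name verified"
    return True, name, "foreign domain: name accepted without verification"


# Constructed sample DNS data for the demo (documentation addresses only).
PTR = {"192.0.2.10": "alpha.example.org",
       "192.0.2.20": "beta.example.org",
       "198.51.100.5": "mallory.attacker.test"}
A = {"alpha.example.org": ["192.0.2.10"],
     "beta.example.org": ["192.0.2.99"],          # PTR/A mismatch
     "mallory.attacker.test": ["198.51.100.5"]}
SERVER = "srv.example.org"


def reverse(addr):
    return PTR.get(addr)


def forward(name):
    return A.get(name, [])


if __name__ == "__main__":
    for addr, port in [("192.0.2.10", 1022), ("192.0.2.20", 1022),
                       ("192.0.2.10", 40000), ("198.51.100.5", 1000),
                       ("::ffff:192.0.2.10", 1022), ("203.0.113.7", 600)]:
        print(addr, port, check_client(addr, port, SERVER, reverse, forward))
```

Note what the foreign-domain case shows: without
.Fl a
a host outside the server's domain is identified by whatever name its
reverse record claims, and only the local domain is forward-confirmed,
which is why
.Fl a
is worth setting whenever
.Pa .rhosts
entries name hosts in other domains.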
.Pp
Once the source port and address have been checked,
.Nm
proceeds with the authentication process described in
.Xr rshd 8 .
It then allocates a pseudo terminal (see
.Xr pty 4 ) ,
and manipulates file descriptors so that the slave
half of the pseudo terminal becomes the
.Em stdin ,
.Em stdout ,
and
.Em stderr
for a login process.
The login process is an instance of the
.Xr login 1
program, invoked with the
.Fl f
option (which tells
.Xr login 1
to skip the password prompt) if authentication has succeeded.
If automatic authentication fails, the user is
prompted to log in as if on a standard terminal line.
.Pp
The parent of the login process manipulates the master side of
the pseudo terminal, operating as an intermediary
between the login process and the client instance of the
.Xr rlogin 1
program.
In normal operation, the packet protocol described in
.Xr pty 4
is invoked to provide
.Ql ^S/^Q
type facilities and propagate
interrupt signals to the remote programs.
The login process propagates the client terminal's baud rate and
terminal type, as found in the environment variable
.Ql Ev TERM ;
see
.Xr environ 7 .
The screen or window size of the terminal is requested from the client,
and window size changes from the client are propagated to the pseudo terminal.
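.Pp
The pseudo-terminal arrangement just described, as an added example that is
not code from
.Nm
or from NetBSD: the child runs on the slave side, the parent holds the master,
and the terminal type and window size are pushed through to the child.
The child runs a constructed shell command in place of
.Xr login 1 ,
and the size change is driven by the parent rather than by an
.Xr rlogin 1
client; both are assumptions of the example.

```python
"""Added example, not code from rlogind(8) or NetBSD: how a server such as
rlogind runs a process on the slave side of a pseudo terminal while the
parent holds the master, and how TERM and the window size reach that
process.  The child runs a constructed shell command instead of login(1),
and the size change is driven here by the parent rather than by an rlogin
client; both are assumptions of this example.  Requires a Unix host.
"""
import fcntl
import os
import pty
import struct
import termios


def set_winsize(fd, rows, cols):
    """Apply a window size to the terminal behind fd (TIOCSWINSZ)."""
    fcntl.ioctl(fd, termios.TIOCSWINSZ, struct.pack("HHHH", rows, cols, 0, 0))


def run_on_pty(rows, cols, term, new_rows, new_cols):
    """Fork a child on a fresh pty and return what it observed.

    pty.fork() makes the slave the child's stdin/stdout/stderr and hands the
    parent the master fd, the arrangement the manual page describes.  The
    child reports its window size, waits for a line of input, reports the
    size again (after the parent changed it) and prints TERM.
    """
    cmd = 'stty -echo; stty size; read x; stty size; printf "%s\\n" "$TERM"'
    pid, master = pty.fork()
    if pid == 0:                                  # child: fds 0,1,2 are the slave
        set_winsize(0, rows, cols)                # initial size "from the client"
        env = dict(os.environ, TERM=term)         # client's terminal type
        try:
            os.execvpe("/bin/sh", ["sh", "-c", cmd], env)
        finally:
            os._exit(127)

    def read_from_master(until_newline=False):
        buf = b""
        while not (until_newline and b"\n" in buf):
            try:
                chunk = os.read(master, 4096)
            except OSError:                       # Linux: EIO once the slave closes
                chunk = b""
            if not chunk:
                break
            buf += chunk
        return buf

    first = read_from_master(until_newline=True)  # child has printed the initial size
    set_winsize(master, new_rows, new_cols)       # "client reported a size change"
    os.write(master, b"\n")                       # release the child's read
    rest = read_from_master()
    os.close(master)
    _, status = os.waitpid(pid, 0)

    lines = [l for l in (first + rest).replace(b"\r\n", b"\n").split(b"\n") if l]
    return {"sizes": [tuple(map(int, l.split())) for l in lines[:2]],
            "term": lines[2].decode() if len(lines) > 2 else None,
            "exit": os.WEXITSTATUS(status)}


if __name__ == "__main__":
    print(run_on_pty(24, 80, "vt100", 50, 132))
```

The parent changes the size on the master descriptor and the child sees it on
the slave, which is exactly the path a window-size change from the client
takes; the newline written after the ioctl only exists to sequence the
demonstration.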
.Pp
Transport-level keepalive messages are enabled unless the
.Fl n
option is present.
The use of keepalive messages allows sessions to be timed out
if the client crashes or becomes unreachable.
.Pp
At the end of a login session,
.Nm
invokes the
.Xr ttyaction 3
facility with an action of "rlogind" and user "root"
to execute site-specific commands.
.Sh DIAGNOSTICS
All initial diagnostic messages are indicated
by a leading byte with a value of 1,
after which any network connections are closed.
If there are no errors before
.Xr login 1
is invoked, a null byte is returned as an indication of success.
.Bl -tag -width Ds
.It Sy Try again.
A
.Xr fork 2
by the server failed.
.El
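.Pp
The status byte described above, framed on the server side and classified on
the client side, as an added example that is not code from
.Nm
or from NetBSD.
The page does not say how a diagnostic's text is terminated; the example
assumes it ends at a newline or when the server closes the connection.

```python
"""Added example, not code from rlogind(8) or NetBSD: the initial status
byte the server sends, as described under DIAGNOSTICS, from both sides.
Assumed here (the page does not say): a diagnostic's text ends at a newline
or when the server closes the connection.
"""
DIAG_ERROR = 0x01   # leading byte of an initial diagnostic; connection closes after it
DIAG_OK = 0x00      # null byte sent once login(1) is about to be invoked


def encode_diagnostic(message):
    """Server side: frame an initial diagnostic such as "Try again."."""
    return bytes([DIAG_ERROR]) + message.encode("ascii", "replace") + b"\n"


def encode_success():
    """Server side: the null byte that precedes the login(1) session."""
    return bytes([DIAG_OK])


def _printable(raw):
    """Keep only printable ASCII: a hostile server must not be able to drive
    the client's terminal through escape sequences in a 'diagnostic'."""
    return bytes(c for c in raw if 32 <= c < 127).decode("ascii")


def parse_initial_reply(data, closed=False):
    """Client side: classify what has been received so far.

    Returns ("ok", session_bytes), ("error", text), ("incomplete", None)
    or ("protocol-violation", data).  `closed` says the server has closed
    the connection, which terminates an unfinished diagnostic.
    """
    if not data:
        return ("protocol-violation", data) if closed else ("incomplete", None)
    status = data[0]
    if status == DIAG_OK:
        return "ok", data[1:]          # anything after the null byte is session data
    if status == DIAG_ERROR:
        body = data[1:]
        if b"\n" in body:
            return "error", _printable(body.split(b"\n", 1)[0])
        if closed:
            return "error", _printable(body)
        return "incomplete", None
    return "protocol-violation", data


if __name__ == "__main__":
    for sample in (encode_success() + b"login: ", encode_diagnostic("Try again."),
                   b"\x01Try ag", b"login: "):
        print(sample, "->", parse_initial_reply(sample))
```

A client that prints the diagnostic text verbatim hands any server on the
path a way to write escape sequences to the user's terminal, which is why
the example strips everything outside printable ASCII before returning it.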
.Sh SEE ALSO
.Xr login 1 ,
.Xr ruserok 3 ,
.Xr ttyaction 3 ,
.Xr rshd 8
.Sh BUGS
The authentication procedure used here assumes the integrity
of each client machine and the connecting medium.
Anyone who holds the superuser privilege on a trusted client (and so can
bind a privileged port), or who can spoof a trusted address on the
network, can authenticate as any user that the host-based checks admit.
This is insecure, but is useful in an ``open'' environment.
.Pp
A facility to allow all data exchanges to be encrypted should be
present.
.Pp
A more extensible protocol should be used.
.Pp
.Nm
intentionally rejects accesses from IPv4-mapped addresses on top of an
.Dv AF_INET6
socket, since IPv4-mapped addresses complicate host-address based
authentication.
If you would like to accept connections from IPv4 peers, you will need to run
.Nm
on top of an
.Dv AF_INET
socket, not an
.Dv AF_INET6
socket.
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .