unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 rlogind(1M)							 rlogind(1M)




 NAME
      rlogind - remote login server

 SYNOPSIS
      /usr/lbin/rlogind [-lns] [-B bannerfile]

 DESCRIPTION
      rlogind is the server for the rlogin(1) program.	It provides a remote
      login facility with authentication based on privileged port numbers.
      rlogind expects to be executed by the Internet daemon (inetd(1M)) when
      it receives a service request at the port indicated in the services
      database for login using the tcp protocol (see services(4)).

      When a service request is received, the following protocol is
      initiated by rlogind:

	   1.  rlogind checks the client's source port.	 If the port is not
	       in the range 512 through 1023 (a ``privileged port''), the
	       server aborts the connection.

	   2.  rlogind checks the client's source address and requests the
	       corresponding host name (see gethostent(3N), hosts(4), and
	       named(1M)).  If it cannot determine the hostname, it uses the
	       Internet dot-notation representation of the host address.

      Once the source port and address have been checked, rlogind proceeds
      with the authentication process described in hosts.equiv(4).  rlogind
      then allocates a STREAMS based pseudo-terminal (see ptm(7), pts(7)),
      and manipulates file descriptors so that the slave half of the
      pseudo-terminal becomes stdin, stdout, and stderr for a login process.
      The login process is an instance of login(1) invoked with the -f
      option if authentication has succeeded.  If automatic authentication
      fails, login(1) prompts the user with the normal login sequence.

    Options
      The rlogind command supports the following options:

	   -l	     This option is used to prevent any authentication based
		     on the user's .rhosts file unless the user is logging
		     in as super-user.

	   -s	     This option is used in multi-homed NIS systems.  It
		     disables rlogind from doing a reverse lookup, of the
		     client's IP address; see gethostbyname(3N).  It can be
		     used to circumvent an NIS limitation with multihomed
		     hosts.

	   -n	     This option is used to disable transport-level
		     keepalive messages.





 Hewlett-Packard Company	    - 1 -   HP-UX Release 11i: November 2000






 rlogind(1M)							 rlogind(1M)




	   -B bannerfile
		     This option is used to display the file bannerfile to
		     incoming rlogin requests.

      The rlogind process manipulates the master side of the pseudo-
      terminal, operating as an intermediary between the login process and
      the client instance of the rlogin program.  The protocol described in
      ptm(7) and pts(7) is used to enable and disable flow control via
      Ctrl-S/Ctrl-Q under the direction of the program running on the slave
      side of the pseudo-terminal, and to flush terminal output in response
      to interrupt signals.  The login process sets the baud rate and TERM
      environment variable to correspond to the client's baud rate and
      terminal type (see environ(5)).

      Transport-level keepalive messages are enabled unless the -n option is
      present.	The use of keepalive messages allows sessions to be timed
      out if the client crashes or becomes unreachable.

      To start rlogind from the Internet daemon, the configuration file
      /etc/inetd.conf must contain an entry as follows:

	   login  stream  tcp  nowait  root  /usr/lbin/rlogind	rlogind

 EXTERNAL INFLUENCES
    International Code Set Support
      Single- and multibyte character code sets are supported.

 DIAGNOSTICS
      Errors in establishing a connection cause an error message to be
      returned with a leading byte of 1 through the socket connection, after
      which the network connection is closed.  Any errors generated by the
      login process or its descendents are passed through by the server as
      normal communication.

	   fork:  No more processes
		The server was unable to fork a process to handle the
		incoming connection.

		Next step: Wait a period of time and try again.	 If this
		message persists, the server's host may have runaway
		processes that are using all the entries in the process
		table.

	   Cannot allocate pty on remote host
		The server was unable to obtain a pseudo-terminal for use
		with the login process.	 Either all pseudo-terminals were in
		use, or the pty driver has not been properly set up.  Note,
		the number of slave devices that can be allocated depends on
		NSTRPTY, a kernel tunable parameter. This can be changed via
		SAM (see ptm(7), pts(7)).




 Hewlett-Packard Company	    - 2 -   HP-UX Release 11i: November 2000






 rlogind(1M)							 rlogind(1M)




		Next step: Check the pty configuration of the host where
		rlogind executes.

	   Permission denied
		The server denied access because the client was not using a
		reserved port.	This should only happen to interlopers
		trying to break into the system.

	   /usr/bin/login: ...
		The login program could not be started via exec(2) for the
		reason indicated.

		Next step: Try to correct the condition causing the problem.
		If this message persists, contact your system administrator.

 WARNINGS
      The ``privileged port'' authentication procedure used here assumes the
      integrity of each host and the connecting medium.	 This is insecure,
      but is useful in an ``open'' environment.	 Note that any passwords are
      sent unencrypted through the socket connection.

 AUTHOR
      rlogind was developed by the University of California, Berkeley.

 FILES
      /etc/hosts.equiv		       List of equivalent hosts
      $HOME/.rhosts		       User's private equivalence list

 SEE ALSO
      login(1), rlogin(1), inetd(1M), named(1M), gethostent(3N),
      ruserok(3N), hosts(4), hosts.equiv(4),  inetd.conf(4), services(4),
      environ(5), pty(7).






















 Hewlett-Packard Company	    - 3 -   HP-UX Release 11i: November 2000