rlogind - remote login server
/usr/lbin/rlogind [-lns] [-B bannerfile]
rlogind is the server for the rlogin(1) program. It provides a remote
login facility with authentication based on privileged port numbers.
rlogind expects to be executed by the Internet daemon (inetd(1M)) when
it receives a service request at the port indicated in the services
database for login using the tcp protocol (see services(4)).
When a service request is received, the following protocol is
initiated by rlogind:
1. rlogind checks the client's source port. If the port is not
in the range 512 through 1023 (a ``privileged port''), the
server aborts the connection.
2. rlogind checks the client's source address and requests the
corresponding host name (see gethostent(3N), hosts(4), and
named(1M)). If it cannot determine the hostname, it uses the
Internet dot-notation representation of the host address.
Once the source port and address have been checked, rlogind proceeds
with the authentication process described in hosts.equiv(4). rlogind
then allocates a STREAMS based pseudo-terminal (see ptm(7), pts(7)),
and manipulates file descriptors so that the slave half of the
pseudo-terminal becomes stdin, stdout, and stderr for a login process.
The login process is an instance of login(1) invoked with the -f
option if authentication has succeeded. If automatic authentication
fails, login(1) prompts the user with the normal login sequence.
The rlogind command supports the following options:
-l This option is used to prevent any authentication based
on the user's .rhosts file unless the user is logging
in as super-user.
-s This option is used in multi-homed NIS systems. It
prevents rlogind from doing a reverse lookup of the
client's IP address; see gethostbyname(3N). It can be
used to circumvent an NIS limitation with multihomed
-n This option is used to disable transport-level
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000
-B bannerfile This option is used to display the file bannerfile to
incoming rlogin requests.
The rlogind process manipulates the master side of the pseudo-
terminal, operating as an intermediary between the login process and
the client instance of the rlogin program. The protocol described in
ptm(7) and pts(7) is used to enable and disable flow control via
Ctrl-S/Ctrl-Q under the direction of the program running on the slave
side of the pseudo-terminal, and to flush terminal output in response
to interrupt signals. The login process sets the baud rate and TERM
environment variable to correspond to the client's baud rate and
terminal type (see environ(5)).
Transport-level keepalive messages are enabled unless the -n option is
present. The use of keepalive messages allows sessions to be timed
out if the client crashes or becomes unreachable.
To start rlogind from the Internet daemon, the configuration file
/etc/inetd.conf must contain an entry as follows:
login stream tcp nowait root /usr/lbin/rlogind rlogind
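An added example, not part of the HP-UX manual or of rlogind itself: a Python audit of inetd.conf text that finds active rlogind entries and reports which of the options described above are set. The sample configuration and the function names are constructed for illustration, and it assumes that `#` begins a comment in inetd.conf.

```python
# Added example (not HP-UX code): audit inetd.conf text for active rlogind entries.

# Constructed sample configuration; paths other than /usr/lbin/rlogind are illustrative.
SAMPLE = """\
login stream tcp nowait root /usr/lbin/rlogind rlogind
#login stream tcp nowait root /usr/lbin/rlogind rlogind -l
ftp stream tcp nowait root /usr/lbin/ftpd ftpd
login stream tcp nowait root /usr/lbin/rlogind rlogind -ln -B /etc/issue
"""

def parse_rlogind_args(argv):
    """Return (set of single-letter flags, bannerfile or None) from rlogind's argv."""
    flags, banner, i = set(), None, 1            # argv[0] is the program name
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("-"):
            for pos, ch in enumerate(arg[1:], start=1):
                if ch == "B":                     # -B takes a file name argument
                    banner = arg[pos + 1:] or None
                    if banner is None and i + 1 < len(argv):
                        i += 1                    # file name is the next word
                        banner = argv[i]
                    break
                flags.add(ch)
        i += 1
    return flags, banner

def audit_inetd_conf(text):
    """Return (line_number, finding) tuples for every active rlogind entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()    # assumption: '#' starts a comment
        # Fields: service, socket type, protocol, wait, user, server program, argv...
        if len(fields) < 7 or not fields[5].endswith("/rlogind"):
            continue
        flags, _banner = parse_rlogind_args(fields[6:])
        findings.append((lineno, "rlogind enabled: privileged-port authentication, "
                                 "passwords sent unencrypted"))
        if "l" not in flags:
            findings.append((lineno, "-l absent: per-user .rhosts authentication permitted"))
        if "n" in flags:
            findings.append((lineno, "-n present: keepalive off, dead sessions not timed out"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit_inetd_conf(SAMPLE):
        print(f"inetd.conf line {lineno}: {finding}")
```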
International Code Set Support
Single- and multibyte character code sets are supported.
Errors in establishing a connection cause an error message to be
returned with a leading byte of 1 through the socket connection, after
which the network connection is closed. Any errors generated by the
login process or its descendants are passed through by the server as
fork: No more processes
The server was unable to fork a process to handle the
Next step: Wait a period of time and try again. If this
message persists, the server's host may have runaway
processes that are using all the entries in the process
Cannot allocate pty on remote host
The server was unable to obtain a pseudo-terminal for use
with the login process. Either all pseudo-terminals were in
use, or the pty driver has not been properly set up. Note,
the number of slave devices that can be allocated depends on
NSTRPTY, a kernel tunable parameter. This can be changed via
SAM (see ptm(7), pts(7)).
Next step: Check the pty configuration of the host where
The server denied access because the client was not using a
reserved port. This should only happen to interlopers
trying to break into the system.
The login program could not be started via exec(2) for the
Next step: Try to correct the condition causing the problem.
If this message persists, contact your system administrator.
The ``privileged port'' authentication procedure used here assumes the
integrity of each host and the connecting medium. This is insecure,
but is useful in an ``open'' environment. Note that any passwords are
sent unencrypted through the socket connection.
rlogind was developed by the University of California, Berkeley.
/etc/hosts.equiv List of equivalent hosts
$HOME/.rhosts User's private equivalence list
login(1), rlogin(1), inetd(1M), named(1M), gethostent(3N),
ruserok(3N), hosts(4), hosts.equiv(4), inetd.conf(4), services(4),