telnetd - TELNET protocol server
/usr/lbin/telnetd [-b [bannerfile]] [-s] [-t] [-z] [-TCP_DELAY]
The telnetd daemon executes a server that supports the DARPA standard
TELNET virtual terminal protocol. The Internet daemon (inetd)
executes telnetd when it receives a service request at the port listed
in the services data base for telnet using the tcp protocol (see
inetd(1M) and services(4)).
telnetd operates by allocating a Telnet pseudo-terminal device (see
tels(7)) for a client, then creating a login process which has the
slave side of the Telnet pseudo-terminal as stdin, stdout, and stderr.
telnetd manipulates the master side of the Telnet pseudo-terminal,
implementing the TELNET protocol, and passing characters between the
client and login process.
NOTE: telnetd no longer uses pty(7) devices; instead it uses special
devices created for TELNET sessions only. For a full description, see
When a TELNET session is started up, telnetd sends TELNET options to
the client side, indicating a willingness to do remote echo of
characters, to suppress go ahead, and to receive terminal speed and
terminal type information from the remote client. If the remote
client is willing, the remote terminal type is propagated in the
environment of the created login process. The pseudo-terminal
allocated to the client is configured as a normal terminal for login,
with the exception of echoing characters (see tty(7)).
telnetd is willing to do: echo, binary, suppress go ahead, and
telnetd is willing to have the remote client do: binary, flow
control, terminal speed, terminal type, and suppress go ahead.
The flow control option permits applications running on a remote host
to toggle the flow control on the local host. To toggle flow control
for a telnet session programmatically, the application program must
first call the tcgetattr function to get the current termios settings.
Then, the c_iflag of the termios structure must have IXON set(reset)
to enable(disable) flow control.
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000
Finally, the tcsetattr function call can implement the change. For
tcsetattr(filedes, TCSANOW, &&&&termios_p)
To toggle the flow control interactively, the user can issue a stty
command using the input options -ixon to disable, or ixon to enable
flow control. (see stty(1)).
The terminal speed option permits applications running on a remote
host to obtain the terminal speed of the local host session using
either ioctl or stty.
The telnet server also supports the TAC User ID (also known as the TAC
Access Control System, or TACACS User ID) option, whereby users
telneting to two or more consenting hosts may avoid going through a
second login sequence. See the -t option below.
To start telnetd from the Internet daemon, the configuration file
/etc/inetd.conf must contain an entry as follows:
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
telnet uses the same files as rlogin to verify participating systems
and authorized users, hosts.equiv and .rhosts. (See hosts.equiv(4)
and the Managing Systems and Workgroups manual for configuration
telnetd has the following options.
-b [bannerfile] Specify a file containing a custom banner. This
option overrides the standard telnetd login
banner. For example, to use /etc/issue as the
login banner, have inetd start telnetd with the
following lines in /etc/inetd.conf (\ provides
telnet stream tcp nowait root /usr/lbin/telnetd \
If bannerfile is not specified, telnetd does not
print a login banner.
-s This options allows users to set the BUFFERSIZE
value. This options, when set, informs telnetd
the number of user bytes to concatenate before
sending to TCP. This option is set with integer
values. There is no specified default.
Hewlett-Packard Company - 2 - HP-UX Release 11i: November 2000
-t Enable the TAC User ID option. The system
administrator can enable the TAC User ID option on
servers designated as participating hosts by
having inetd start telnetd with the -t option in
telnet stream tcp nowait root /usr/lbin/telnetd
In order for the TAC User ID option to work as
specified, the system administrator must assign to
all authorized users of the option the same login
name and unique user ID (UUID) on every
participating system to which they are allowed TAC
User ID access. These same UUIDs should not be
assigned to non-authorized users.
Users cannot use the feature on systems where
their local and remote UUIDs differ, but they can
always use the normal telnet login sequence.
Also, there may be a potential security breach
where a user with one UUID may be able to gain
entry to participating systems and accounts where
that UUID is assigned to someone else, unless the
above restrictions are followed.
A typical configuration may consist of one or more
secure front-end systems and a network of
participating hosts. Users who have successfully
logged onto the front-end system may telnet
directly to any participating system without being
prompted for another login.
-z This option allows users to set the BUFFERTIMEOUT
value. This option, when set, informs telnetd how
long it should wait before timing out and flushing
the concatenated user data to TCP. Note that the
TIMEOUT value is measured in clock ticks (10ms)
and not in seconds. This option is set with
integer values. There is no specified default.
-TCP_DELAY This option allows the users to disable the
TCP_NODELAY socket option. When telnetd is invoked
with this option, small writes over telnetd may
concatenate at the tcp level so that larger tcp
packets are sent to the client at less frequent
To configure telnetd to have a BUFFERSIZE of 100 bytes and a
BUFFERTIMEOUT of 100 ticks and the TCP_DELAY ON, the entry in
/etc/inetd.conf would be:
Hewlett-Packard Company - 3 - HP-UX Release 11i: November 2000
telnet stream tcp nowait root /usr/lbin/telnetd telnetd -s100 \
If any error is encountered by telnetd in establishing the connection,
an error message is returned through the connection, after which the
connection is closed and the server exits. Any errors generated by
the login process or its descendents are passed through as ordinary
The following diagnostic messages are displayed by telnetd:
unable to allocate Telnet device
The server was unable to obtain a Telnet pseudo-terminal for
use with the login process. Either all Telnet pseudo-
terminals were in use or the telm driver has not been
properly set up (see tels(7)).
Next step: Check the Telnet pseudo driver configuration of
the host where telnetd is executing.
fork: No more processes
telnetd was unable to fork a process to handle the incoming
Next step: Wait a period of time and try again. If this
message persists, the server's host may have runaway
processes that are using all the entries in the process
The login program could not be started via exec*() for the
reason indicated (see exec(2)).
The terminal type name received from the remote client is converted to
telnetd never sends TELNET go ahead commands.
telnetd was developed by the University of California, Berkeley.
login(1), rlogin(1), telnet(1), inetd(1M), inetsvcs_sec(1M), ioctl(2),
hosts(4), inetd.conf(4), inetd.sec(4), services(4), tels(7), stty(1),
Hewlett-Packard Company - 4 - HP-UX Release 11i: November 2000
DOD MIL_STD 1782.
RFC 854 for the TELNET protocol specification.
Hewlett-Packard Company - 5 - HP-UX Release 11i: November 2000