rlogind - The remote login server
-a Requests the addresses for the hostname, verifying that the name and
address correspond. Normal authentication is bypassed if the address
-l Prevents authentication based on the user's $HOME/.rhosts file, unless
the user is logging in as the superuser.
-n Disables transport-level, keep-alive messages. The messages are enabled
The rlogind daemon is the server for the rlogin(1) program. The server
provides a remote login facility with authentication based on privileged
port numbers from trusted hosts.
The rlogind daemon listens for service requests at the port indicated in
the login service specification; see services(4). When a service request
is received, the following protocol is initiated:
1. The server checks the client's source port. If the port is not in the
range 512 to 1023, the server aborts the connection.
2. The server checks the client's source address and requests the
corresponding hostname (see gethostbyaddr(3), hosts(4) and named(8)).
If the hostname cannot be determined, the dot-notation representation
of the host address is used. If the hostname is in the same domain as
the server (according to the last two components of the domain name),
or if the -a option is given, the addresses for the hostname are
requested, verifying that the name and address correspond. Normal
authentication is bypassed if the address verification fails.
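The two checks above can be written as a single decision function. This is an added example, not rlogind source code: the names check_client, last_two, port_ok and the verdict values are hypothetical, the resolver results are passed in by the caller so that the logic runs offline, and "normal authentication is bypassed" is read here as skipping automatic authentication and falling back to the login prompt. Note the gap it makes visible: a client whose name is outside the server's domain gets no name/address verification unless -a is given.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>
#include <arpa/inet.h>
#include <netinet/in.h>

enum verdict { ABORT, TRY_RHOSTS, PROMPT_ONLY };   /* hypothetical names */

/* Pointer to the last two dot-separated components of a hostname
 * (assumes no trailing dot). */
static const char *last_two(const char *h)
{
    const char *p = h + strlen(h);
    int dots = 0;
    while (p > h) {
        if (p[-1] == '.' && ++dots == 2)
            break;
        p--;
    }
    return p;
}

/* Step 1: the source port (host byte order) must be in 512..1023. */
static int port_ok(unsigned port) { return port >= 512 && port <= 1023; }

/* Step 2: decide whether name/address verification applies, then apply it.
 * name is the reverse-lookup result, or NULL if there was none; fwd[] holds
 * the addresses that the forward lookup of name returned. */
enum verdict check_client(unsigned port, const char *name, const char *self,
                          int opt_a, struct in_addr peer,
                          const struct in_addr *fwd, size_t nfwd)
{
    if (!port_ok(port))
        return ABORT;
    if (name == NULL)          /* dot-notation address stands in for the name;
                                  skipping the check here is an assumption */
        return TRY_RHOSTS;
    if (!opt_a && strcasecmp(last_two(name), last_two(self)) != 0)
        return TRY_RHOSTS;     /* other domain and no -a: not verified */
    for (size_t i = 0; i < nfwd; i++)
        if (fwd[i].s_addr == peer.s_addr)
            return TRY_RHOSTS; /* name and address correspond */
    return PROMPT_ONLY;        /* mismatch: no automatic authentication */
}
```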
Once the source port and address have been checked, rlogind proceeds with
the authentication process described in rshd(8). It then allocates a
pseudoterminal (see pty(7)), and manipulates file descriptors so that the slave
half of the pseudoterminal becomes the stdin, stdout, and stderr for a
login process. The login process is an instance of the login(1) program
invoked with the -f option if authentication has succeeded. If automatic
authentication fails, the user is prompted to log in as if on a standard
terminal line. The -l option prevents any authentication based on the
user's .rhosts file, unless the user is logging in as the superuser.
By default, the rlogind daemon starts the login dialog using the login
string specified in the message field of the /etc/gettydefs file. If you
want to use a customized banner, create an /etc/issue.net or /etc/issue
file. The rlogind daemon reads the file that exists and writes its contents
to stdout prior to starting the login dialog. If both files exist, only
the /etc/issue.net file is used.
The parent of the login process manipulates the master side of the
pseudoterminal, operating as an intermediary between the login process and the
client instance of the rlogin program. In normal operation, the packet
protocol described in pty(7) is invoked to provide <Ctrl-s>/<Ctrl-q> type
facilities and propagate interrupt signals to the remote programs. The
login process propagates the client terminal's baud rate and terminal type,
as found in the TERM environment variable. The screen or window size of
the terminal is requested from the client, and window size changes from the
client are propagated to the pseudoterminal.
Transport-level, keep-alive messages are enabled unless the -n option is
present. The use of keep-alive messages allows sessions to be timed out if
the client crashes or becomes unreachable.
Note that the authentication procedure used here assumes the integrity of
each client machine and the connecting medium. This is insecure, but is
useful in an open environment.
All initial diagnostic messages are indicated by a leading byte with a
value of 1 (one), after which any network connections are closed. If there
are no errors before login is invoked, a null byte is returned as an
indication of success.
A fork by the server failed.
Specifies the command path
Files: issue(4), issue.net