.\" Copyright (c) 1983, 1989, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" %sccs.include.redist.man%
.\"
.\"     @(#)rlogind.8	8.1 (Berkeley) 06/04/93
.\"
.Dd
.Dt RLOGIND 8
.Os BSD 4.2
.Sh NAME
.Nm rlogind
.Nd remote login server
.Sh SYNOPSIS
.Nm rlogind
.Op Fl aln
.Sh DESCRIPTION
.Nm Rlogind
is the server for the
.Xr rlogin 1
program.  The server provides a remote login facility
with authentication based on privileged port numbers from trusted hosts.
.Pp
Options supported by
.Nm rlogind :
.Bl -tag -width Ds
.It Fl a
Ask hostname for verification.
.It Fl l
Prevent any authentication based on the user's
.Dq Pa .rhosts
file, unless the user is logging in as the superuser.
.It Fl n
Disable keep-alive messages.
.El
.Pp
.Nm Rlogind
listens for service requests at the port indicated in
the ``login'' service specification; see
.Xr services 5 .
When a service request is received the following protocol
is initiated:
.Bl -enum
.It
The server checks the client's source port.
If the port is not in the range 512-1023, the server
aborts the connection.
.It
The server checks the client's source address
and requests the corresponding host name (see
.Xr gethostbyaddr 3 ,
.Xr hosts 5
and
.Xr named 8 ) .
If the hostname cannot be determined,
the dot-notation representation of the host address is used.
If the hostname is in the same domain as the server (according to
the last two components of the domain name),
or if the
.Fl a
option is given,
the addresses for the hostname are requested,
verifying that the name and address correspond.
Normal authentication is bypassed if the address verification fails.
.El
.Pp
Once the source port and address have been checked,
.Nm rlogind
proceeds with the authentication process described in
.Xr rshd 8 .
It then allocates a pseudo terminal (see
.Xr pty 4 ) ,
and manipulates file descriptors so that the slave
half of the pseudo terminal becomes the
.Em stdin ,
.Em stdout ,
and
.Em stderr
for a login process.
The login process is an instance of the
.Xr login 1
program, invoked with the
.Fl f
option if authentication has succeeded.
If automatic authentication fails, the user is
prompted to log in as if on a standard terminal line.
.Pp
The parent of the login process manipulates the master side of
the pseudo terminal, operating as an intermediary
between the login process and the client instance of the
.Xr rlogin 1
program.  In normal operation, the packet protocol described
in
.Xr pty 4
is invoked to provide
.Ql ^S/^Q
type facilities and propagate
interrupt signals to the remote programs.  The login process
propagates the client terminal's baud rate and terminal type,
as found in the environment variable,
.Ql Ev TERM ;
see
.Xr environ 7 .
The screen or window size of the terminal is requested from the client,
and window size changes from the client are propagated to the pseudo terminal.
.Pp
Transport-level keepalive messages are enabled unless the
.Fl n
option is present.
The use of keepalive messages allows sessions to be timed out
if the client crashes or becomes unreachable.
.Sh DIAGNOSTICS
All initial diagnostic messages are indicated
by a leading byte with a value of 1,
after which any network connections are closed.
If there are no errors before
.Xr login 1
is invoked, a null byte is returned as an indication of success.
.Bl -tag -width Ds
.It Sy Try again.
A
.Xr fork 2
by the server failed.
.El
.Sh SEE ALSO
.Xr login 1 ,
.Xr ruserok 3 ,
.Xr rshd 8
.Sh BUGS
The authentication procedure used here assumes the integrity
of each client machine and the connecting medium.
This is
insecure, but is useful in an ``open'' environment.
.Pp
A facility to allow all data exchanges to be encrypted should be
present.
.Pp
A more extensible protocol should be used.
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .
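.Sh EXAMPLES
The source-port and address checks listed under DESCRIPTION, written out as an added C example (not code from the original page or from the BSD rlogind source). The function and enum names are hypothetical, the lookup results are passed in as arguments so it runs offline, only IPv4 is handled, and the host names and addresses are constructed sample data.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum verdict { ABORT, PASSWORD_PROMPT, HOST_AUTH };

/* Step 1: the client's source port must be in 512-1023. */
int port_ok(unsigned port) { return port >= 512 && port <= 1023; }

/* Last two dot-separated components of a host name. */
const char *last_two(const char *name) {
    int dots = 0;
    for (const char *p = name + strlen(name); p > name; p--)
        if (p[-1] == '.' && ++dots == 2)
            return p;
    return name;
}

/* Step 2: is the peer address among the addresses its claimed name resolves to? */
int addr_listed(const char *peer, const char *const fwd[], size_t n) {
    struct in_addr want, got;
    if (inet_pton(AF_INET, peer, &want) != 1) return 0;
    for (size_t i = 0; i < n; i++)
        if (inet_pton(AF_INET, fwd[i], &got) == 1 && got.s_addr == want.s_addr)
            return 1;
    return 0;
}

/* Decision order from DESCRIPTION; rev_name is the reverse-lookup result,
 * fwd[] the addresses that name resolves to (both assumed already fetched). */
enum verdict precheck(unsigned port, const char *peer, const char *rev_name,
                      const char *server, int a_flag,
                      const char *const fwd[], size_t n) {
    if (!port_ok(port)) return ABORT;
    int verify = a_flag || strcasecmp(last_two(rev_name), last_two(server)) == 0;
    if (verify && !addr_listed(peer, fwd, n))
        return PASSWORD_PROMPT;   /* normal authentication is bypassed */
    return HOST_AUTH;             /* continue with the rshd(8) checks */
}

/* Constructed sample data (documentation address ranges, example.org/.net). */
static const char *const FWD[] = { "192.0.2.10", "192.0.2.11" };

int main(void) {
    printf("%d\n", precheck(1022, "192.0.2.10", "c1.example.org", "srv.example.org", 0, FWD, 2));
    printf("%d\n", precheck(1022, "198.51.100.7", "c1.example.org", "srv.example.org", 0, FWD, 2));
    printf("%d\n", precheck(1022, "198.51.100.7", "c1.example.net", "srv.example.org", 0, FWD, 2));
}
```

The third call shows that without the -a option a reverse name outside the server's domain is passed on to host authentication without the forward check.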