.\" Copyright (c) 1983, 1989, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)rlogind.8	8.1 (Berkeley) 6/4/93
.\" $FreeBSD$
.\"
.Dd February 9, 2005
.Dt RLOGIND 8
.Os
.Sh NAME
.Nm rlogind
.Nd remote login server
.Sh SYNOPSIS
.Nm
.Op Fl Daln
.Sh DESCRIPTION
The
.Nm
utility is the server for the
.Xr rlogin 1
program.
The server provides a remote login facility
with authentication based on privileged port numbers from trusted hosts.
.Pp
Options supported by
.Nm :
.Bl -tag -width indent
.It Fl D
Set TCP_NODELAY socket option.
This improves responsiveness at the expense of
some additional network traffic.
.It Fl a
Ask hostname for verification.
.It Fl l
Prevent any authentication based on the user's
.Dq Pa .rhosts
file, unless the user is logging in as the superuser.
.It Fl n
Disable keep-alive messages.
.El
.Pp
The
.Nm
utility listens for service requests at the port indicated in
the
.Dq login
service specification; see
.Xr services 5 .
When a service request is received the following protocol
is initiated:
.Bl -enum
.It
The server checks the client's source port.
If the port is not in the range 512-1023, the server
aborts the connection.
.It
The server checks the client's source address
and requests the corresponding host name (see
.Xr gethostbyaddr 3 ,
.Xr hosts 5
and
.Xr named 8 ) .
If the hostname cannot be determined,
the dot-notation representation of the host address is used.
If the hostname is in the same domain as the server (according to
the last two components of the domain name),
or if the
.Fl a
option is given,
the addresses for the hostname are requested,
verifying that the name and address correspond.
Normal authentication is bypassed if the address verification fails.
.El
.Pp
Once the source port and address have been checked,
.Nm
proceeds with the authentication process described in
.Xr rshd 8 .
It then allocates a pseudo terminal (see
.Xr pty 4 ) ,
and manipulates file descriptors so that the slave
half of the pseudo terminal becomes the
.Em stdin ,
.Em stdout ,
and
.Em stderr
for a login process.
The login process is an instance of the
.Xr login 1
program, invoked with the
.Fl f
option if authentication has succeeded.
If automatic authentication fails, the user is
prompted to log in as if on a standard terminal line.
.Pp
The parent of the login process manipulates the master side of
the pseudo terminal, operating as an intermediary
between the login process and the client instance of the
.Xr rlogin 1
program.
In normal operation, the packet protocol described
in
.Xr pty 4
is invoked to provide
.Ql ^S/^Q
type facilities and propagate
interrupt signals to the remote programs.
The login process
propagates the client terminal's baud rate and terminal type,
as found in the environment variable,
.Ev TERM ;
see
.Xr environ 7 .
The screen or window size of the terminal is requested from the client,
and window size changes from the client are propagated to the pseudo terminal.
.Pp
Transport-level keepalive messages are enabled unless the
.Fl n
option is present.
The use of keepalive messages allows sessions to be timed out
if the client crashes or becomes unreachable.
.Sh FILES
.Bl -tag -width /etc/hostsxxxxxxxx -compact
.It Pa /etc/hosts
.It Pa /etc/hosts.equiv
.It Ev $HOME Ns Pa /.rhosts
.It Pa /var/run/nologin
.El
.Sh DIAGNOSTICS
All initial diagnostic messages are indicated
by a leading byte with a value of 1,
after which any network connections are closed.
If there are no errors before
.Xr login 1
is invoked, a null byte is returned as an indication of success.
.Bl -tag -width Ds
.It Sy Try again.
A
.Xr fork 2
by the server failed.
.El
.Sh SEE ALSO
.Xr login 1 ,
.Xr ruserok 3 ,
.Xr hosts 5 ,
.Xr hosts.equiv 5 ,
.Xr login.conf 5 ,
.Xr nologin 5 ,
.Xr services 5 ,
.Xr rshd 8
.Sh HISTORY
The
.Nm
utility appeared in
.Bx 4.2 .
.Pp
IPv6 support was added by the WIDE/KAME project.
.Sh BUGS
The authentication procedure used here assumes the integrity
of each client machine and the connecting medium.
This is
insecure, but is useful in an
.Dq open
environment.
.Pp
A facility to allow all data exchanges to be encrypted should be
present.
.Pp
A more extensible protocol should be used.
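.Pp
An added example (not rlogind's own code) of the two pre-authentication checks listed in DESCRIPTION: the source-port range test and the name/address cross-check, for IPv4 and IPv6.
Function names are hypothetical, and the forward-lookup results are passed in as an array so the code runs without DNS.

```c
/* Added example, not rlogind source; function names are hypothetical. */
#include <netinet/in.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>

/* Step 1: the client must connect from a source port in 512-1023. */
int source_port_ok(unsigned port)
{
	return port >= 512 && port <= 1023;
}

/* Return the last two dot-separated components of a host name. */
static const char *last_two(const char *h)
{
	const char *p = h + strlen(h);
	int dots = 0;
	while (p > h)
		if (*--p == '.' && ++dots == 2)
			return p + 1;
	return h;
}

/* Step 2 trigger: is the client's name in the server's domain? */
int same_domain(const char *client, const char *server)
{
	return strcasecmp(last_two(client), last_two(server)) == 0;
}

/* Step 2 check: is the peer among the n forward-lookup addresses? */
int addr_confirmed(const struct sockaddr *peer,
    const struct sockaddr *const *fwd, size_t n)
{
	for (size_t i = 0; i < n; i++) {
		if (fwd[i]->sa_family != peer->sa_family)
			continue;
		if (peer->sa_family == AF_INET &&
		    memcmp(&((const struct sockaddr_in *)peer)->sin_addr,
		    &((const struct sockaddr_in *)fwd[i])->sin_addr,
		    sizeof(struct in_addr)) == 0)
			return 1;
		if (peer->sa_family == AF_INET6 &&
		    memcmp(&((const struct sockaddr_in6 *)peer)->sin6_addr,
		    &((const struct sockaddr_in6 *)fwd[i])->sin6_addr,
		    sizeof(struct in6_addr)) == 0)
			return 1;
	}
	return 0;
}
```

A peer whose address is absent from the forward lookup of its claimed name fails the cross-check even when its source port is in range.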