HPUX rlogind[1m]

rlogind(1M) rlogind(1M)
Requires Optional ARPA Services Software
NAME
rlogind - remote login server
SYNOPSIS
/etc/rlogind [-ln]
DESCRIPTION
rlogind is the server for the rlogin(1) program. It provides a remote
login facility with authentication based on privileged port numbers.
rlogind expects to be executed by the Internet daemon (inetd(1M)) when
it receives a service request at the port indicated in the services
database for login using the tcp protocol (see services(4)).
When a service request is received, the following protocol is
initiated by rlogind:
1. rlogind checks the client's source port. If the port is not
in the range 512 through 1023 (a ``privileged port''), the
server aborts the connection.
2. rlogind checks the client's source address and requests the
corresponding host name (see gethostent(3N), hosts(4), and
named(1M)). If it cannot determine the hostname, it uses the
Internet dot-notation representation of the host address.
Once the source port and address have been checked, rlogind proceeds
with the authentication process described in hosts.equiv(4). rlogind
then allocates a pseudo-terminal (see pty(7)), and manipulates file
descriptors so that the slave half of the pseudo-terminal becomes
stdin, stdout, and stderr for a login process. The login process is
an instance of login(1) invoked with the -f option if authentication
has succeeded. If automatic authentication fails, login(1) prompts
the user with the normal login sequence. The -l option to rlogind
prevents any authentication based on the user's .rhosts file unless
the user is logging in as super-user.
The rlogind process manipulates the master side of the pseudo-
terminal, operating as an intermediary between the login process and
the client instance of the rlogin program. The packet protocol
described in pty(7) is used to enable and disable flow control via
Ctrl-S/Ctrl-Q under the direction of the program running on the slave
side of the pseudo-terminal, and to flush terminal output in response
to interrupt signals. The login process sets the baud rate and TERM
environment variable to correspond to the client's baud rate and
terminal type (see environ(5)).
Transport-level keepalive messages are enabled unless the -n option is
present. The use of keepalive messages allows sessions to be timed
out if the client crashes or becomes unreachable.
Hewlett-Packard Company - 1 - HP-UX Release 9.0: August 1992
To start rlogind from the Internet daemon, the configuration file
/etc/inetd.conf must contain an entry as follows:
     login  stream  tcp  nowait  root  /etc/rlogind  rlogind
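
A configuration check for the inetd.conf entry above and the -l and -n options from the DESCRIPTION, as an added example that is not part of the HP-UX manual page or HP's software. The function names audit_rlogind and sample_conf and the output format are assumptions, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example, not HP-UX code: report how rlogind is configured in inetd.conf.
# Reads inetd.conf text on stdin; prints one line per active "login" entry.

audit_rlogind() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }        # comments, blank or short lines
        $1 == "login" && $3 == "tcp" {
            # fields: service socket proto wait user server argv0 [options]
            has_l = 0; has_n = 0
            for (i = 8; i <= NF; i++)
                if ($i ~ /^-/) {              # options may be combined: -ln
                    if ($i ~ /l/) has_l = 1
                    if ($i ~ /n/) has_n = 1
                }
            # -l: user .rhosts files ignored except for super-user logins
            # -n: transport-level keepalive messages disabled
            printf "line %d: server=%s rhosts=%s keepalive=%s\n", NR, $6,
                   (has_l ? "superuser-only" : "honoured"),
                   (has_n ? "off" : "on")
        }'
}

# Constructed sample input (not taken from a real system).
sample_conf() {
    cat <<'EOF'
# login stream tcp nowait root /etc/rlogind rlogind
login stream tcp nowait root /etc/rlogind rlogind
login stream tcp nowait root /etc/rlogind rlogind -ln
EOF
}

sample_conf | audit_rlogind
```

To check a live system, run `audit_rlogind < /etc/inetd.conf`; no output means no active login entry was found.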
DIAGNOSTICS
Errors in establishing a connection cause an error message to be
returned with a leading byte of 1 through the socket connection, after
which the network connection is closed. Any errors generated by the
login process or its descendants are passed through by the server as
normal communication.
fork: No more processes
     The server was unable to fork a process to handle the
     incoming connection.
     Next step: Wait a period of time and try again. If this
     message persists, the server's host may have runaway
     processes that are using all the entries in the process
     table.
Cannot allocate pty on remote host
     The server was unable to obtain a pseudo-terminal for use
     with the login process. Either all pseudo-terminals were in
     use, or the pty driver has not been properly set up (see
     pty(7)).
     Next step: Check the pty configuration of the host where
     rlogind executes.
Permission denied
     The server denied access because the client was not using a
     reserved port. This should only happen to interlopers
     trying to break into the system.
/bin/login: ...
     The login program could not be started via exec(2) for the
     reason indicated.
     Next step: Try to correct the condition causing the problem.
     If this message persists, contact your system administrator.
WARNINGS
The ``privileged port'' authentication procedure used here assumes the
integrity of each host and the connecting medium. This is insecure,
but is useful in an ``open'' environment. Note that any passwords are
sent unencrypted through the socket connection.
AUTHOR
rlogind was developed by the University of California, Berkeley.
FILES
/etc/hosts.equiv     list of equivalent hosts
$HOME/.rhosts        user's private equivalence list
SEE ALSO
login(1), rlogin(1), inetd(1M), named(1M), gethostent(3N),
ruserok(3N), hosts(4), hosts.equiv(4), inetd.conf(4), services(4),
environ(5), pty(7).