rlogind(1)                                                   rlogind(1)

  rlogind

  NAME

    rlogind - remote login server

  SYNOPSIS

    rlogind [-alnQ]

  DESCRIPTION

    The rlogind(1) utility is the server for the rlogin(1) program. The server
    provides a remote login facility with authentication based on privileged
    port numbers from trusted hosts.

    The following options are supported by rlogind(1):

    -a
        Ask host name for verification.

    -l
        Prevent any authentication based on the user's .rhosts file.

    -n
        Disable keep-alive messages.

    -Q
        Sets really quiet mode. Really quiet mode suppresses the entire login
        banner.

    The rlogind(1) utility listens for service requests at the port indicated
    in the "login" service specification. When a service request is received,
    the following protocol is initiated:
   1.     The server checks the client's source port. If the port is not in
          the range 512-1023, the server aborts the connection.
   2.     The server checks the client's source address and requests the
          corresponding host name (see gethostbyaddr(2)), hosts(5), and
          named(1)). If the host name cannot be determined, the dot-notation
          representation of the host address is used. If the host name is in
          the same domain as the server (according to the last two components
          of the domain name), or if the -a option is given, the addresses for
          the host name are requested, verifying that the name and address
          correspond. Normal authentication is bypassed if the address
          verification fails.

    After the source port and address have been checked, rlogind(1) proceeds
    with the authentication process described in rshd(1). It then allocates a
    pseudo terminal (see pty(4)), and manipulates file descriptors so that the
    subordinate (slave) half of the pseudo terminal becomes the stdin, stdout,
    and stderr for a login process. The login process is an instance of the
    login(1) program, invoked with the -f option if authentication has
    succeeded. If automatic authentication fails, the user is prompted to log
    in as if on a standard terminal line.

    The parent of the login process manipulates the master side of the pseudo
    terminal, operating as an intermediary between the login process and the
    client instance of the rlogin(1) program. In normal operation, the packet
    protocol described in pty(4) is invoked to provide ^S/^Q type facilities
    and propagate interrupt signals to the remote programs. The login process
    propagates the client terminal's baud rate and terminal type, as found in
    the environment variable, TERM. The screen or window size of the terminal
    is requested from the client, and window size changes from the client are
    propagated to the pseudo terminal.

    Transport-level keep-alive messages are enabled unless the -n option is
    present. The use of keep-alive messages allows sessions to be timed out if
    the client crashes or becomes unreachable.

  Interix authentication

    On traditional systems, a user can rlogin(1) from a system identified in
    the user's .rhosts file without providing a password. This is because on a
    traditional system, the rlogind(1) program is run as the superuser, and
    can take any login identity. This works on Interix if rlogind(1) runs as
    the SYSTEM user. If the daemon is running as a different user, the user's
    password must have been previously stored using the regpwd(1) utility.

    If the iruserok(3) function reports that the host name and the host number
    do not match, the user is asked for a password.

    (The test is done by converting the host number to a host name and then
    converting the host name to a host number. If the two host numbers do not
    match, the address might have been spoofed. A user can get similar results
    by using nslookup(1) to check both the host name and the host number.)

  DIAGNOSTICS

    All initial diagnostic messages are indicated by a leading byte with a
    value of 1, after which any network connections are closed. If there are
    no errors before login(1) is invoked, a null byte is returned as in
    indication of success.

    Try again.
        A fork(2) by the server failed.

  FILES

    The rlogin(1) and rlogind(1) programs make use of the following files, if
    they exist:

    /etc/hosts.equiv
        On the target system, this file contains the names of systems and
        users allowed to login. See hosts.equiv(5) for more information.

    $HOME/.rhosts
        On the target system, this file can contain the names of systems (and
        user names) allowed to login. See .rhosts(5) for more information.

  BUGS

    The authentication procedure used here assumes the integrity of each
    client computer and the connecting medium. This is insecure, but is useful
    in an "open" environment.

    A facility to allow all data exchanges to be encrypted should be present.

    A more extensible protocol should be used.

  SEE ALSO

    login(1)

    rshd(1)

    iruserok(3)