rlogind man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

rlogind(1M)							   rlogind(1M)

       rlogind - remote login server


   In Kerberos V5 Network Authentication Environments

       is  the	server	for  the program.  It provides a remote login facility
       with two kinds of authentication methods:

	      1.     Authentication based on privileged port numbers where the
		     client's  source  port  must  be in the range 512 through
		     1023.  In this case assumes it is operating in normal  or
		     non-secure environment.

	      2.     Authentication  based  on	Kerberos  V5.	In  this  case
		     assumes it is operating in a Kerberos V5 Network  Authen‐
		     tication, that is, secure environment.

       The  daemon invokes if a service request is received at ports indicated
       by the or services specified in (see inetd(1M) and services(4)).	  Ser‐
       vice  requests  arriving	 at  the  port assume a secure environment and
       expect Kerberos authentication to take place.

       To start from the inetd daemon in a non-secure environment, the config‐
       uration file must contain an entry as follows:

       In a secure environment, must contain an entry:

       The above configuration line will start in mode.	 To start in mode, the
       configuration file must contain an entry as follows:

	      Note: For IPv6 applications the protocol has to  be  changed  to
	      See inetd.conf(4) for more information.

       To  prevent non-secure access, the entry for should be commented out in
       Any non-Kerberos access will be denied since the	 entry	for  the  port
       indicated by has now been removed or commented out.  In a such a situa‐
       tion, a generic error message,

       is displayed.  See for more details.

       rlogind recognizes the following options:

	      This option is used to prevent any authentication based  on  the
		     file unless the user is logging in as super-user.

	      This option is used in multi-homed NIS systems.  It disables
		     from  doing a reverse lookup, of the client's IP address;
		     see gethostbyname(3N).  It can be used to	circumvent  an
		     NIS limitation with multihomed hosts.

	      This  option  is	used to disable transport-level keepalive mes‐

	      Causes the file,
		     bannerfile, to be displayed to incoming rlogin requests.

       In a  secure  environment,  will	 recognize  the	 following  additional

	      Ignore checksum verification.  This option is used to achieve
		     interoperability  between	clients and servers using dif‐
		     ferent checksum calculation methods.   For	 example,  the
		     checksum calculation in a application developed with Ker‐
		     beros V5 Beta 4 API is different from the calculation  in
		     a Kerberos V5-1.0 application.

	      Authorization based on Kerberos V5 must succeed or access
		     will  be  rejected	 (see sis(5) for details on authoriza‐

	      Authentication based on privileged port numbers and
		     authorization  of	the  remote  user  through  equivalent
		     accounts  must  succeed.  For more information on equiva‐
		     lent accounts, see hosts.equiv(4).

	      Either one of the following must succeed.	 The order  in	which,
		     authorization checks are done is as specified below.

		     1.	    Authentication  based  on  privileged port numbers
			    and	 authorization	of  the	 remote	 user  through
			    equivalent accounts (see hosts.equiv(4)).

		     2.	    Authorization based on Kerberos V5.

	      Either  one  of the following must succeed.  The order in which,
		     authorization checks are done is as specified below.

		     1.	    Authorization based on Kerberos V5.

		     2.	    Authentication based on  privileged	 port  numbers
			    and	 authorization	of  the	 remote	 user  through
			    equivalent accounts.

		     Note: The option is ignored when used with and the option
		     is	 ignored when used with Also, if no options are speci‐
		     fied, the default option is

       When a service request is received, the following protocol is initiated

	      1.     checks the client's source port.  If the port is not in a
		     privileged port, that is, in the range 512 through	 1023,
		     and is operating in a non-secure environment, the connec‐
		     tion is terminated.  In a secure environment, the	action
		     taken depends on the command line options:

		     The source port must be a privileged port otherwise
			    terminates the connection.

		     If the source port is not a privileged port then
			    Kerberos authorization must succeed or the connec‐
			    tion is terminated.

		     The source port must be a privileged port if
			    Kerberos authorization fails.

		     No action is taken.

	      2.     checks the client's source address and requests the  cor‐
		     responding	 host  name (see gethostent(3N), hosts(4), and
		     named(1M)).  If it cannot determine the hostname, it uses
		     the  Internet  dot-notation  representation  of  the host

	      3.     in a  secure  environment,	 proceeds  with	 the  Kerberos
		     authentication process described in sis(5).  If authenti‐
		     cation succeeds, then the authorization selected  by  the
		     command  line  option or is performed.  The authorization
		     selected could be as specified in or Kerberos  authoriza‐
		     tion as specified in sis(5).

	      4.     then  allocates  a	 STREAMS  based	 pseudo-terminal  (see
		     ptm(7) and pts(7)), and manipulates file  descriptors  so
		     that  the	slave  half of the pseudo-terminal becomes and
		     for a login process.

	      5.     This login process is an instance	of  invoked  with  the
		     option  if authentication has succeeded.  In a non-secure
		     environment, if automatic authentication  fails,  prompts
		     the  user	with  the  normal login sequence.  In a secure
		     environment, if authentication fails, generates an	 error
		     message and quits.

       The process manipulates the master side of the pseudo-terminal, operat‐
       ing as an  intermediary	between	 the  login  process  and  the	client
       instance	 of  the program.  The protocol described in ptm(7) and pts(7)
       is used to enable and disable flow control via Ctrl-S/Ctrl-Q under  the
       direction of the program running on the slave side of the pseudo-termi‐
       nal, and to flush terminal output in  response  to  interrupt  signals.
       The login process sets the baud rate and environment variable to corre‐
       spond to the client's baud rate and terminal type (see environ(5)).

       Transport-level keepalive messages are enabled  unless  the  option  is
       present.	 The use of keepalive messages allows sessions to be timed out
       if the client crashes or becomes unreachable.

   International Code Set Support
       Single and multibyte character code sets are supported.

       Errors in establishing a	 connection  cause  an	error  message	to  be
       returned	 with a leading byte of 1 through the socket connection, after
       which the network connection is closed.	Any errors  generated  by  the
       login  process  or  its descendents are passed through by the server as
       normal communication.

	      The server was unable to fork a process to handle	 the  incoming

		     Wait  a  period  of  time and try again.  If this message
		     persists, the server's host may  have  runaway  processes
		     that are using all the entries in the process table.

	      The server was unable to obtain a pseudo-terminal
		     for use with the login process.  Either all pseudo-termi‐
		     nals were in use, or the pty driver has not been properly
		     set  up.	Note that the number of slave devices that can
		     be allocated depends on NSTRPTY, a kernel tunable parame‐
		     ter.   This  can  be  changed via HP SMH (replacement for
		     SAM); see ptm(7) and pts(7).

		     Check the pty configuration of the host where executes.

	      The server denied access because the  client  was	 not  using  a
	      reserved port.
		     This  should  only	 happen to interlopers trying to break
		     into the system.

	      The login program could not be started via
		     for the reason indicated.

		     Try to correct the condition  causing  the	 problem.   If
		     this message persists, contact your system administrator.

	      This generic message could be due to a number of reasons. One of
		     reasons could be because the entry for login  service  is
		     not  present  in This entry may have been removed or com‐
		     mented out to prevent non-secure access.

       Kerberos specific errors are listed in sis(5).

       The integrity of each host and the connecting medium is assumed if  the
       "privileged  port"  authentication  procedure  is  used in a non-secure
       environment or if the command line options are used in a	 secure	 envi‐
       ronment.	 Although both these methods provide insecure access, they are
       useful in an "open" environment.	 This is insecure, but is useful in an
       "open" environment.

       Note  that  all	the  information,  including any passwords, are passed
       unencrypted between the two hosts when is invoked in a non-secure envi‐

       was developed by the University of California, Berkeley.

       List of equivalent hosts
       User's private equivalence list

       login(1), rlogin(1), inetd(1M), named(1M), gethostent(3N), ruserok(3N),
       hosts(4),  hosts.equiv(4),  inetd.conf(4),   services(4),   environ(5),
       sis(5), pty(7).


List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net