Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
RLOGIND(8)		FreeBSD	System Manager's Manual		    RLOGIND(8)

     rlogind --	remote login server

     rlogind [-Daln]

     rlogind is	deprecated and will be removed from future versions of the
     FreeBSD base system.  If rlogind is still required, it can	be installed
     from ports	or packages (net/bsdrcmds).

     The rlogind utility is the	server for the rlogin(1) program.  The server
     provides a	remote login facility with authentication based	on privileged
     port numbers from trusted hosts.

     Options supported by rlogind:

     -D	     Set TCP_NODELAY socket option.  This improves responsiveness at
	     the expense of some additional network traffic.

     -a	     Ask hostname for verification.

     -l	     Prevent any authentication	based on the user's ``.rhosts''	file,
	     unless the	user is	logging	in as the superuser.

     -n	     Disable keep-alive	messages.

     The rlogind utility listens for service requests at the port indicated in
     the ``login'' service specification; see services(5).  When a service
     request is	received the following protocol	is initiated:

     1.	  The server checks the	client's source	port.  If the port is not in
	  the range 512-1023, the server aborts	the connection.

     2.	  The server checks the	client's source	address	and requests the cor-
	  responding host name (see gethostbyaddr(3), hosts(5) and named(8)).
	  If the hostname cannot be determined,	the dot-notation representa-
	  tion of the host address is used.  If	the hostname is	in the same
	  domain as the	server (according to the last two components of	the
	  domain name),	or if the -a option is given, the addresses for	the
	  hostname are requested, verifying that the name and address corre-
	  spond.  Normal authentication	is bypassed if the address verifica-
	  tion fails.

     Once the source port and address have been	checked, rlogind proceeds with
     the authentication	process	described in rshd(8).  It then allocates a
     pseudo terminal (see pty(4)), and manipulates file	descriptors so that
     the slave half of the pseudo terminal becomes the stdin, stdout, and
     stderr for	a login	process.  The login process is an instance of the
     login(1) program, invoked with the	-f option if authentication has	suc-
     ceeded.  If automatic authentication fails, the user is prompted to log
     in	as if on a standard terminal line.

     The parent	of the login process manipulates the master side of the	pseudo
     terminal, operating as an intermediary between the	login process and the
     client instance of	the rlogin(1) program.	In normal operation, the
     packet protocol described in pty(4) is invoked to provide `^S/^Q' type
     facilities	and propagate interrupt	signals	to the remote programs.	 The
     login process propagates the client terminal's baud rate and terminal
     type, as found in the environment variable, TERM; see environ(7).	The
     screen or window size of the terminal is requested	from the client, and
     window size changes from the client are propagated	to the pseudo termi-

     Transport-level keepalive messages	are enabled unless the -n option is
     present.  The use of keepalive messages allows sessions to	be timed out
     if	the client crashes or becomes unreachable.


     All initial diagnostic messages are indicated by a	leading	byte with a
     value of 1, after which any network connections are closed.  If there are
     no	errors before login(1) is invoked, a null byte is returned as in indi-
     cation of success.

     Try again.
	     A fork(2) by the server failed.

     login(1), ruserok(3), hosts(5), hosts.equiv(5), login.conf(5),
     nologin(5), services(5), rshd(8)

     The rlogind utility appeared in 4.2BSD.

     IPv6 support was added by WIDE/KAME project.

     The authentication	procedure used here assumes the	integrity of each
     client machine and	the connecting medium.	This is	insecure, but is use-
     ful in an ``open''	environment.

     A facility	to allow all data exchanges to be encrypted should be present.

     A more extensible protocol	should be used.

FreeBSD	11.1			 July 3, 2017			  FreeBSD 11.1


Want to link to this manual page? Use this URL:

home | help