HP-UX Reference (11i v2 03/08) - 1M System Administration Commands N-Z (vol 4)

rlogind(1M) rlogind(1M)
NAME
rlogind - remote login server
SYNOPSIS
/usr/lbin/rlogind [-lns] [-B bannerfile]
In Kerberos V5 Network Authentication Environments
/usr/lbin/rlogind [-clnKkRr] [-B bannerfile]
DESCRIPTION
rlogind is the server for the rlogin(1) program. It provides a remote login facility with two kinds of authentication methods:
1. Authentication based on privileged port numbers where the client’s source port must be in the range 512 through 1023. In this case rlogind assumes it is operating in a normal or non-secure environment.
2. Authentication based on Kerberos V5. In this case rlogind assumes it is operating in a Kerberos V5 Network Authentication, i.e., secure environment.
The inetd daemon invokes rlogind if a service request is received at ports indicated by the login or klogin services specified in /etc/services (see inetd(1M) and services(4)). Service requests arriving at the klogin port assume a secure environment and expect Kerberos authentication to take place.
To start rlogind from the inetd daemon in a non-secure environment, the configuration file /etc/inetd.conf must contain an entry as follows:
login stream tcp nowait root /usr/lbin/rlogind rlogind
In a secure environment, /etc/inetd.conf must contain an entry:
klogin stream tcp nowait root /usr/lbin/rlogind rlogind -K
The above configuration line will start rlogind in IPv4 mode. To start rlogind in IPv6 mode, the configuration file /etc/inetd.conf must contain an entry as follows:
login stream tcp6 nowait root /usr/lbin/rlogind rlogind
Note: For IPv6 applications the protocol tcp has to be changed to tcp6. See inetd.conf(4) for more information.
To prevent non-secure access, the entry for login should be commented out in /etc/inetd.conf. Any non-Kerberos access will be denied since the entry for the port indicated by login has now been removed or commented out. In such a situation, a generic error message,
rcmd: connect <hostname> : Connection refused
is displayed. See DIAGNOSTICS for more details.
Options
rlogind recognizes the following options:
-l This option is used to prevent any authentication based on the user’s .rhosts file unless the
user is logging in as super-user.
-s This option is used in multi-homed NIS systems. It disables rlogind from doing a reverse lookup of the client’s IP address; see gethostbyname(3N). It can be used to circumvent an NIS limitation with multihomed hosts.
-n This option is used to disable transport-level keepalive messages.
-B bannerfile
Causes the file, bannerfile, to be displayed to incoming rlogin requests.
In a secure environment, rlogind will recognize the following additional options:
-c Ignore checksum verification. This option is used to achieve interoperability between clients and servers using different checksum calculation methods. For example, the checksum calculation in an application developed with Kerberos V5 Beta 4 API is different from the calculation in a Kerberos V5-1.0 application.
-K Authorization based on Kerberos V5 must succeed or access will be rejected (see sis(5) for
details on authorization).
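An added example, not part of the HP-UX manual: a POSIX shell function that audits an inetd.conf-format file for the rlogind entries shown in DESCRIPTION and for the -l, -K and -c options above. The function names, finding labels and sample entries are constructed for illustration, and it assumes getopt-style option parsing (clustered flags, -B consuming the text or argument that follows it).

```shell
#!/bin/sh
# Added example (not from the HP-UX manual): flag rlogind entries in an
# inetd.conf-format file that allow the non-Kerberos login path.
# Field layout: service type proto wait user server argv0 [options...]

audit_rlogind() {   # usage: audit_rlogind [file]   (reads stdin if no file)
    awk '
    # Return 1 if single-letter option "flag" is set on the current line.
    # Assumes getopt-style parsing: clustered flags, -B takes an argument.
    function has_flag(flag,   i, j, c) {
        for (i = 8; i <= NF; i++) {
            if ($i !~ /^-/) continue
            for (j = 2; j <= length($i); j++) {
                c = substr($i, j, 1)
                if (c == "B") { if (j == length($i)) i++; break }
                if (c == flag) return 1
            }
        }
        return 0
    }
    /^[ \t]*#/ || NF < 7 { next }          # commented-out or malformed entry
    $6 !~ /\/rlogind$/   { next }          # not an rlogind entry
    $1 == "login" {
        print "NONSECURE line " NR ": " $1 "/" $3 " is active (privileged-port authentication)"
        if (!has_flag("l"))
            print "RHOSTS line " NR ": " $1 "/" $3 " lacks -l (.rhosts honoured for ordinary users)"
    }
    $1 == "klogin" {
        if (!has_flag("K"))
            print "NO_K line " NR ": " $1 "/" $3 " lacks -K (differs from the secure entry above)"
        if (has_flag("c"))
            print "NOCKSUM line " NR ": " $1 "/" $3 " passes -c (checksum verification ignored)"
    }' "$@"
}

# Constructed sample input, for illustration only.
sample_inetd_conf() {
    cat <<'EOF'
# login stream tcp nowait root /usr/lbin/rlogind rlogind
login stream tcp6 nowait root /usr/lbin/rlogind rlogind -B /etc/issue -l
login stream tcp nowait root /usr/lbin/rlogind rlogind -Bl
klogin stream tcp nowait root /usr/lbin/rlogind rlogind -K
klogin stream tcp nowait root /usr/lbin/rlogind rlogind -c
EOF
}

sample_inetd_conf | audit_rlogind
```

On a live system, pass the configuration file as the argument (audit_rlogind /etc/inetd.conf); no output means no findings.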
Section 1M678 Hewlett-Packard Company 1 HP-UX 11i Version 2: August 2003