Manualshelf

HP-UX Reference (11i v3 07/02) - 1M System Administration Commands N-Z (vol 4)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals
251252253254255256257258259260
r
rlogind(1M) rlogind(1M)
NAME
rlogind - remote login server
SYNOPSIS
/usr/lbin/rlogind
[-lns][-B bannerfile ]
In Kerberos V5 Network Authentication Environments
/usr/lbin/rlogind
[-clnKkRr][-B bannerfile ]
DESCRIPTION
rlogind is the server for the rlogin program. It provides a remote login facility with two kinds of
authentication methods:
1. Authentication based on privileged port numbers where the client’s source port must be in the
range 512 through 1023. In this case
rlogind assumes it is operating in normal or non-secure
environment.
2. Authentication based on Kerberos V5. In this case
rlogind assumes it is operating in a Ker-
beros V5 Network Authentication, that is, secure environment.
The
inetd daemon invokes rlogind if a service request is received at ports indicated by the login
or
klogin services specified in /etc/services
(see inetd(1M) and services(4)). Service requests arriv-
ing at the
klogin port assume a secure environment and expect Kerberos authentication to take place.
To start rlogind from the inetd daemon in a non-secure environment, the configuration file
/etc/inetd.conf must contain an entry as follows:
login stream tcp nowait root /usr/lbin/rlogind rlogind
In a secure environment, /etc/inetd.conf
must contain an entry:
klogin stream tcp nowait root /usr/lbin/rlogind rlogind -K
The above configuration line will start rlogind in IPv4 mode. To start rlogind in
IPv6 mode, the
configuration file
/etc/inetd.conf
must contain an entry as follows:
login stream tcp6 nowait root /usr/lbin/rlogind rlogind
Note: For IPv6 applications the protocol tcp has to be changed to
tcp6. See inetd.conf(4) for more
information.
To prevent non-secure access, the entry for
login should be commented out in /etc/inetd.conf
.
Any non-Kerberos access will be denied since the entry for the port indicated by
login has now been
removed or commented out. In a such a situation, a generic error message,
rcmd: connect <hostname> : Connection refused
is displayed. See DIAGNOSTICS for more details.
Options
rlogind recognizes the following options:
-l This option is used to prevent any authentication based on the user’s .rhosts file unless the
user is logging in as super-user.
-s This option is used in multi-homed NIS systems. It disables rlogind from doing a reverse
lookup, of the client’s IP address; see gethostbyname(3N). It can be used to circumvent an NIS
limitation with multihomed hosts.
-n This option is used to disable transport-level keepalive messages.
-B bannerfile
Causes the file, bannerfile, to be displayed to incoming rlogin requests.
In a secure environment, rlogind will recognize the following additional options:
-c Ignore checksum verification. This option is used to achieve interoperability between clients and
servers using different checksum calculation methods. For example, the checksum calculation in
a application developed with Kerberos V5 Beta 4 API is different from the calculation in a Ker-
beros V5-1.0 application.
256 Hewlett-Packard Company 1 HP-UX 11i Version 3: February 2007