svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
in.rlogind(8)
System Administration Commands in.rlogind(8)
NAME
in.rlogind, rlogind - remote login server
SYNOPSIS
/usr/sbin/in.rlogind [-s tos]
DESCRIPTION
in.rlogind is the server for the rlogin(1) program. The server provides
a remote login facility with authentication based on privileged port
numbers.
in.rlogind is invoked by inetd(8) when a remote login connection is
established. The rlogin protocol authentication procedure is as fol‐
lows:
o The server checks the client's source port. If the port is
not in the range 512-1023, the server aborts the connection.
o The server checks the client's source address. If an entry
for the client exists in both /etc/hosts and
/etc/hosts.equiv, a user logging in from the client is not
prompted for a password. If the address is associated with a
host for which no corresponding entry exists in /etc/hosts,
the user is prompted for a password, regardless of whether
or not an entry for the client is present in
/etc/hosts.equiv. For more information, see the hosts(5) and
hosts.equiv(5) man pages.
Once the source port and address have been checked, in.rlogind allo‐
cates a pseudo-terminal and manipulates file descriptors so that the
slave half of the pseudo-terminal becomes the stdin, stdout, and stderr
for a login process. The login process is an instance of the login(1)
program, invoked with the -r.
The login process then proceeds with the pam(3PAM) authentication
process. See SECURITY below. If automatic authentication fails, it
reprompts the user to login.
The parent of the login process manipulates the master side of the
pseudo-terminal, operating as an intermediary between the login process
and the client instance of the rlogin program. In normal operation, a
packet protocol is invoked to provide Ctrl-S and Ctrl-Q type facilities
and propagate interrupt signals to the remote programs. The login
process propagates the client terminal's baud rate and terminal type,
as found in the environment variable, TERM.
OPTIONS
The following option is supported:
-s tos Sets the IP TOS option.
USAGE
rlogind and in.rlogind are IPv6-enabled. See ip6(4P).
SECURITY
in.rlogind uses pam(3PAM) for authentication, account management, and
session management. The PAM configuration policy, configured in
/etc/pam.conf or per-service files in /etc/pam.d/, specifies the mod‐
ules to be used for in.rlogind. Here is a partial pam.conf file with
entries for the rlogin command using the rhosts and UNIX authentication
modules, and the UNIX account, session management, and password manage‐
ment modules.
tab(); lw(0.75i) lw(1.52i) lw(3.23i) rloginauth sufficient‐
pam_rhosts_auth.so.1 rloginauth requisitepam_authtok_get.so.1 rlogin‐
auth requiredpam_unix_auth.so.1
rloginaccount requiredpam_unix_roles.so.1 rloginaccount required‐
pam_unix_projects.so.1 rloginaccount requiredpam_unix_account.so.1
rloginsession requiredpam_unix_session.so.1
The equivalent PAM configuration using /etc/pam.d/ would be the follow‐
ing entries in /etc/pam.d/rlogin:
auth sufficient pam_rhosts_auth.so.1
auth requisite pam_authtok_get.so.1
auth required pam_unix_auth.so.1
account required pam_unix_roles.so.1
account required pam_unix_projects.so.1
account required pam_unix_account.so.1
session required pam_unix_session.so.1
With this configuration, the server checks the client's source address.
If an entry for the client exists in both /etc/hosts and
/etc/hosts.equiv, a user logging in from the client is not prompted for
a password. If the address is associated with a host for which no cor‐
responding entry exists in /etc/hosts, the user is prompted for a pass‐
word, regardless of whether or not an entry for the client is present
in /etc/hosts.equiv. For more information, see the hosts(5) and
hosts.equiv(5) man pages.
If there are no entries for the rlogin service, then the entries for
the "other" service will be used. If multiple authentication modules
are listed, then the user may be prompted for multiple passwords.
Removing the pam_rhosts_auth.so.1 entry will disable the
/etc/hosts.equiv and ~/.rhosts authentication protocol and the user
would always be forced to type the password. The sufficient flag indi‐
cates that authentication through the pam_rhosts_auth.so.1 module is
sufficient to authenticate the user. Only if this authentication fails
is the next authentication module used.
ATTRIBUTES
See the attributes(7) man page for descriptions of the following
attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilityservice/network/legacy-remote-utilities _
Interface StabilityObsolete
SEE ALSO
login(1), rlogin(1), svcs(1), pam(3PAM), hosts(5), hosts.equiv(5),
pam.conf(5), attributes(7), environ(7), pam_authtok_check(7), pam_auth‐
tok_get(7), pam_authtok_store(7), pam_dhkeys(7), pam_passwd_auth(7),
pam_unix_account(7), pam_unix_auth(7), pam_unix_session(7), smf(7),
in.rshd(8), inetadm(8), inetd(8), svcadm(8)
DIAGNOSTICS
All diagnostic messages are returned on the connection associated with
the stderr, after which any network connections are closed. An error is
indicated by a leading byte with a value of 1.
Hostname for your address unknown.
No entry in the host name database existed for the client's
machine.
Try again.
A fork by the server failed.
/usr/bin/sh: ...
The user's login shell could not be started.
NOTES
The authentication procedure used here assumes the integrity of each
client machine and the connecting medium. This is insecure, but can be
convenient in environments where it does not conflict with the local
security policy.
A facility to allow all data exchanges to be encrypted should be
present.
The in.rlogind service is managed by the service management facility,
smf(7), under the service identifier:
svc:/network/login:rlogin (rlogin)
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(8). Responsibility
for initiating and restarting this service is delegated to inetd(8).
Use inetadm(8) to make configuration changes and to view configuration
information for this service. The service's status can be queried using
the svcs(1) command.
This technology may be removed in a future release of Oracle Solaris.
Oracle Solaris 11.4 24 Nov 2020 in.rlogind(8)