in.rlogind(8) man page - WindyHana's Solanara


System Administration Commands                                   in.rlogind(8)



NAME
       in.rlogind, rlogind - remote login server

SYNOPSIS
       /usr/sbin/in.rlogind [-s tos]

DESCRIPTION
       in.rlogind is the server for the rlogin(1) program. The server provides
       a remote login facility with authentication based  on  privileged  port
       numbers.


       in.rlogind is invoked by inetd(8) when a remote login connection is
       established. The rlogin protocol authentication procedure is as
       follows:

           o      The  server  checks the client's source port. If the port is
                  not in the range 512-1023, the server aborts the connection.


           o      The server checks the client's source address. If  an  entry
                  for    the    client   exists   in   both   /etc/hosts   and
                  /etc/hosts.equiv, a user logging in from the client  is  not
                  prompted for a password. If the address is associated with a
                  host for which no corresponding entry exists in  /etc/hosts,
                  the  user  is prompted for a password, regardless of whether
                  or  not  an   entry   for   the   client   is   present   in
                  /etc/hosts.equiv. For more information, see the hosts(5) and
                  hosts.equiv(5) man pages.



       Once the source port and address have been checked, in.rlogind
       allocates a pseudo-terminal and manipulates file descriptors so that
       the slave half of the pseudo-terminal becomes the stdin, stdout, and
       stderr for a login process. The login process is an instance of the
       login(1) program, invoked with the -r option.


       The login process then proceeds with the pam(3PAM) authentication
       process. See SECURITY below. If automatic authentication fails, it
       reprompts the user to log in.


       The parent of the login process manipulates  the  master  side  of  the
       pseudo-terminal, operating as an intermediary between the login process
       and the client instance of the rlogin program. In normal  operation,  a
       packet protocol is invoked to provide Ctrl-S and Ctrl-Q type facilities
       and propagate interrupt signals  to  the  remote  programs.  The  login
       process  propagates  the client terminal's baud rate and terminal type,
       as found in the environment variable, TERM.

OPTIONS
       The following option is supported:

       -s tos    Sets the IP TOS (type of service) option.


USAGE
       rlogind and in.rlogind are IPv6-enabled. See ip6(4P).

SECURITY
       in.rlogind uses pam(3PAM) for authentication, account management, and
       session management. The PAM configuration policy, configured in
       /etc/pam.conf or per-service files in /etc/pam.d/, specifies the
       modules to be used for in.rlogind. Here is a partial pam.conf file with
       entries for the rlogin command using the rhosts and UNIX authentication
       modules, and the UNIX account, session management, and password
       management modules.


       rlogin  auth     sufficient  pam_rhosts_auth.so.1
       rlogin  auth     requisite   pam_authtok_get.so.1
       rlogin  auth     required    pam_unix_auth.so.1

       rlogin  account  required    pam_unix_roles.so.1
       rlogin  account  required    pam_unix_projects.so.1
       rlogin  account  required    pam_unix_account.so.1

       rlogin  session  required    pam_unix_session.so.1



       The equivalent PAM configuration using /etc/pam.d/ would be the
       following entries in /etc/pam.d/rlogin:

         auth sufficient    pam_rhosts_auth.so.1
         auth requisite     pam_authtok_get.so.1
         auth required      pam_unix_auth.so.1

         account required   pam_unix_roles.so.1
         account required   pam_unix_projects.so.1
         account required   pam_unix_account.so.1

         session required   pam_unix_session.so.1



       With this configuration, the server checks the client's source address.
       If an entry for the client exists in both /etc/hosts and
       /etc/hosts.equiv, a user logging in from the client is not prompted for
       a password. If the address is associated with a host for which no
       corresponding entry exists in /etc/hosts, the user is prompted for a
       password, regardless of whether or not an entry for the client is
       present in /etc/hosts.equiv. For more information, see the hosts(5) and
       hosts.equiv(5) man pages.
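
       The address rule above, which is also the second step of the
       authentication procedure under DESCRIPTION, can be audited offline. The
       following is an added example, not part of the man page: classify_equiv,
       the sample files and the host names are constructed for illustration,
       and it assumes names are resolved from the local hosts file only.

```shell
#!/bin/sh
# Added example (not from the man page): classify hosts.equiv entries by the
# rule stated above.
#   TRUSTED  = name also present in hosts, so no password prompt
#   PASSWORD = no hosts entry, so a password is still required
#   REVIEW   = not a plain host name; this sketch does not interpret it

# classify_equiv HOSTS_FILE EQUIV_FILE
classify_equiv() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }                        # skip blank lines
        FILENAME == ARGV[1] {                   # hosts: address, then names
            for (i = 2; i <= NF; i++) addr[$i] = $1
            next
        }
        $1 !~ /^[A-Za-z0-9]/ { print "REVIEW", $1; next }
        ($1 in addr)         { print "TRUSTED", addr[$1], $1; next }
                             { print "PASSWORD", $1 }
    ' "$1" "$2"
}

# Constructed sample files (documentation addresses, hypothetical host names).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/hosts" <<'EOF'
192.0.2.10  build01 build01.example.test
192.0.2.11  jump01
EOF
cat > "$demo/hosts.equiv" <<'EOF'
build01
dbhost        # listed here but absent from hosts
+@admins      # not a plain host name
EOF

classify_equiv "$demo/hosts" "$demo/hosts.equiv"
```

       On a live system the two arguments would be /etc/hosts and
       /etc/hosts.equiv; every TRUSTED line is a client whose users are not
       asked for a password.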


       If there are no entries for the rlogin service, then the entries for
       the "other" service will be used. If multiple authentication modules
       are listed, then the user may be prompted for multiple passwords.
       Removing the pam_rhosts_auth.so.1 entry will disable the
       /etc/hosts.equiv and ~/.rhosts authentication protocol and the user
       would always be forced to type the password. The sufficient flag
       indicates that authentication through the pam_rhosts_auth.so.1 module
       is sufficient to authenticate the user. Only if this authentication
       fails is the next authentication module used.
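
       Because of the fallback to "other", checking only the rlogin lines is
       not enough to tell whether rhosts-based trust is active. The following
       is an added example, not part of the man page: auth_stack and
       rhosts_trust are hypothetical helper names, the sample files are
       constructed, and only the four-column pam.conf layout is read (not
       /etc/pam.d/ files).

```shell
#!/bin/sh
# Added example (not from the man page): find the auth entries that apply to
# a service, using the "other" entries when the service has none of its own.

# auth_stack PAM_CONF SERVICE -> prints "flag module" per effective auth entry
auth_stack() {
    awk -v svc="$2" '
        { sub(/#.*/, "") }                       # drop comments
        NF < 4 || $2 != "auth" { next }          # auth entries only
        $1 == svc     { own[++n] = $3 " " $4 }
        $1 == "other" { dfl[++m] = $3 " " $4 }
        END {
            if (n) { for (i = 1; i <= n; i++) print own[i] }
            else   { for (i = 1; i <= m; i++) print dfl[i] }
        }
    ' "$1"
}

# rhosts_trust PAM_CONF SERVICE -> prints the flag on pam_rhosts_auth or "absent"
rhosts_trust() {
    auth_stack "$1" "$2" |
        awk '$2 ~ /^pam_rhosts_auth/ { print $1; f = 1; exit }
             END { if (!f) print "absent" }'
}

# Constructed samples: the page's auth entries, the same with the rhosts
# entry removed, and a file with no rlogin entries at all.
conf=$(mktemp -d)
trap 'rm -rf "$conf"' EXIT
cat > "$conf/page" <<'EOF'
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite  pam_authtok_get.so.1
rlogin auth required   pam_unix_auth.so.1
EOF
grep -v pam_rhosts_auth "$conf/page" > "$conf/hardened"
cat > "$conf/fallback" <<'EOF'
other  auth sufficient pam_rhosts_auth.so.1
other  auth required   pam_unix_auth.so.1
EOF

for f in page hardened fallback; do
    printf '%s: pam_rhosts_auth %s\n' "$f" "$(rhosts_trust "$conf/$f" rlogin)"
done
```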

ATTRIBUTES
       See  the  attributes(7)  man  page  for  descriptions  of the following
       attributes:


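       +---------------------+-----------------------------------------+
       | ATTRIBUTE TYPE      | ATTRIBUTE VALUE                         |
       +---------------------+-----------------------------------------+
       | Availability        | service/network/legacy-remote-utilities |
       +---------------------+-----------------------------------------+
       | Interface Stability | Obsolete                                |
       +---------------------+-----------------------------------------+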


SEE ALSO
       login(1), rlogin(1), svcs(1), pam(3PAM), hosts(5), hosts.equiv(5),
       pam.conf(5), attributes(7), environ(7), pam_authtok_check(7),
       pam_authtok_get(7), pam_authtok_store(7), pam_dhkeys(7),
       pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7),
       pam_unix_session(7), smf(7), in.rshd(8), inetadm(8), inetd(8),
       svcadm(8)

DIAGNOSTICS
       All diagnostic messages are returned on the connection associated  with
       the stderr, after which any network connections are closed. An error is
       indicated by a leading byte with a value of 1.

       Hostname for your address unknown.

           No entry in  the  host  name  database  existed  for  the  client's
           machine.


       Try again.

           A fork by the server failed.


       /usr/bin/sh: ...

           The user's login shell could not be started.


NOTES
       The  authentication  procedure  used here assumes the integrity of each
       client machine and the connecting medium. This is insecure, but can  be
       convenient  in  environments  where it does not conflict with the local
       security policy.


       A facility to allow all  data  exchanges  to  be  encrypted  should  be
       present.


       The  in.rlogind  service is managed by the service management facility,
       smf(7), under the service identifier:


         svc:/network/login:rlogin (rlogin)




       Administrative actions on this service, such as enabling, disabling, or
       requesting  restart,  can  be performed using svcadm(8). Responsibility
       for initiating and restarting this service is  delegated  to  inetd(8).
       Use  inetadm(8) to make configuration changes and to view configuration
       information for this service. The service's status can be queried using
       the svcs(1) command.


       This technology may be removed in a future release of Oracle Solaris.



Oracle Solaris 11.4               24 Nov 2020                    in.rlogind(8)
Copyright in the man page content belongs to the man page authors.