rlogind(1M)

Requires Optional ARPA Services Software

NAME

rlogind − remote login server

SYNOPSIS

/etc/rlogind [−ln]

DESCRIPTION

rlogind is the server for the rlogin(1) program. It provides a remote login facility with authentication based on privileged port numbers. rlogind expects to be executed by the Internet daemon (inetd(1M)) when it receives a service request at the port indicated in the services database for login using the tcp protocol (see services(4)).

When a service request is received, the following protocol is initiated by rlogind:

1.  rlogind checks the client’s source port.  If the port is not in the range 512 through 1023 (a “privileged port”), the server aborts the connection. 

2.  rlogind checks the client’s source address and requests the corresponding host name (see gethostent(3N), hosts(4), and named(1M)). If it cannot determine the hostname, it uses the Internet dot-notation representation of the host address.

Once the source port and address have been checked, rlogind proceeds with the authentication process described in hosts.equiv(4). rlogind then allocates a pseudo-terminal (see pty(7)), and manipulates file descriptors so that the slave half of the pseudo-terminal becomes stdin, stdout, and stderr for a login process.  The login process is an instance of login(1) invoked with the −f option if authentication has succeeded.  If automatic authentication fails, login(1) prompts the user with the normal login sequence. The −l option to rlogind prevents any authentication based on the user’s .rhosts file unless the user is logging in as super-user. 

The rlogind process manipulates the master side of the pseudo-terminal, operating as an intermediary between the login process and the client instance of the rlogin program.  The packet protocol described in pty(7) is used to enable and disable flow control via Ctrl-S/Ctrl-Q under the direction of the program running on the slave side of the pseudo-terminal, and to flush terminal output in response to interrupt signals.  The login process sets the baud rate and TERM environment variable to correspond to the client’s baud rate and terminal type (see environ(5)).

Transport-level keepalive messages are enabled unless the −n option is present.  The use of keepalive messages allows sessions to be timed out if the client crashes or becomes unreachable. 

To start rlogind from the Internet daemon, the configuration file /etc/inetd.conf must contain an entry as follows:

login  stream  tcp  nowait  root  /etc/rlogind  rlogind
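
An added example, not part of the HP-UX manual: a shell function that audits an inetd.conf-format file for active rlogind entries and reports whether the -l and -n options described above are set. The function names, the output wording and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: report active rlogind entries in an inetd.conf-format file.
# Reads the file named in $1, or standard input when no argument is given.
audit_rlogind() {
    awk '
        /^[ \t]*#/ || NF < 7 { next }    # skip comments and incomplete entries
        # field 6 is the server program path
        $6 != "rlogind" && $6 !~ /\/rlogind$/ { next }
        {
            l = 0; n = 0
            # field 7 is argv[0]; option words follow it
            for (i = 8; i <= NF; i++)
                if ($i ~ /^-/) {
                    if ($i ~ /l/) l = 1  # -l: .rhosts honoured for super-user only
                    if ($i ~ /n/) n = 1  # -n: transport keepalives disabled
                }
            printf "line %d: rhosts=%s keepalive=%s\n", NR,
                (l ? "superuser-only" : "all-users"), (n ? "off" : "on")
            found = 1
        }
        END { if (!found) print "no active rlogind entry" }
    ' "${1:--}"
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
    cat <<'EOF'
# constructed sample
login   stream  tcp  nowait  root  /etc/rlogind  rlogind
#login  stream  tcp  nowait  root  /etc/rlogind  rlogind -l
telnet  stream  tcp  nowait  root  /etc/telnetd  telnetd
login   stream  tcp  nowait  root  /etc/rlogind  rlogind -ln
EOF
}

sample_conf | audit_rlogind
```

Run it as `audit_rlogind /etc/inetd.conf` on a host to audit; the -l flag only limits .rhosts processing, so /etc/hosts.equiv still needs its own review.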

DIAGNOSTICS

Errors in establishing a connection cause an error message to be returned with a leading byte of 1 through the socket connection, after which the network connection is closed. Any errors generated by the login process or its descendants are passed through by the server as normal communication.

fork:  No more processes
The server was unable to fork a process to handle the incoming connection.

Next step: Wait a period of time and try again. If this message persists, the server’s host may have runaway processes that are using all the entries in the process table.

Cannot allocate pty on remote host
The server was unable to obtain a pseudo-terminal for use with the login process. Either all pseudo-terminals were in use, or the pty driver has not been properly set up (see pty(7)).

Next step: Check the pty configuration of the host where rlogind executes. 

Permission denied
The server denied access because the client was not using a reserved port. This should only happen to interlopers trying to break into the system.

/bin/login: ... 
The login program could not be started via exec(2) for the reason indicated.

Next step: Try to correct the condition causing the problem.  If this message persists, contact your system administrator.

WARNINGS

The “privileged port” authentication procedure used here assumes the integrity of each host and the connecting medium.  This is insecure, but is useful in an “open” environment.  Note that any passwords are sent unencrypted through the socket connection. 

AUTHOR

rlogind was developed by the University of California, Berkeley. 

FILES

/etc/hosts.equiv    list of equivalent hosts

$HOME/.rhosts       user’s private equivalence list

SEE ALSO

login(1), rlogin(1), inetd(1M), named(1M), gethostent(3N), ruserok(3N), hosts(4), hosts.equiv(4), inetd.conf(4), services(4), environ(5), pty(7).

Hewlett-Packard Company  —  HP-UX Release 9.0: August 1992
