1 files changed, 130 insertions, 0 deletions

diff --git a/crypto/heimdal/appl/rsh/rshd.8 b/crypto/heimdal/appl/rsh/rshd.8
new file mode 100644
index 0000000..5b65e1b
--- /dev/null
+++ b/crypto/heimdal/appl/rsh/rshd.8
@@ -0,0 +1,130 @@
+.\" Things to fix:
+.\"   * remove Op from mandatory flags
+.\"   * use better macros for arguments (like .Pa for files)
+.\"
+.Dd July 31, 2001
+.Dt RSHD 8
+.Os HEIMDAL
+.Sh NAME
+.Nm rshd
+.Nd
+remote shell server
+.Sh SYNOPSIS
+.Nm
+.Op Fl aiklnvxPL
+.Op Fl p Ar port
+.Sh DESCRIPTION
+.Nm
+is the server for
+the
+.Xr rsh 1
+program. It provides an authenticated remote command execution
+service.  Supported options are:
+.Bl -tag -width Ds
+.It Xo
+.Fl n Ns ,
+.Fl -no-keepalive
+.Xc
+Disables keep-alive messages. Keep-alives are packets sent a certain
+interval to make sure that the client is still there, even when it
+doesn't send any data.
+.It Xo
+.Fl k Ns ,
+.Fl -kerberos
+.Xc
+Assume that clients connecting to this server will use some form of
+Kerberos authentication. See the
+.Sx EXAMPLES
+section for a sample 
+.Xr inetd.conf 5 
+configuration.
+.It Xo
+.Fl x Ns ,
+.Fl -encrypt
+.Xc
+For Kerberos 4 this means that the connections are encrypted. Kerberos
+5 will negotiate encryption inline. This option implies
+.Fl k .
+.\".It Xo
+.\".Fl l Ns ,
+.\".Fl -no-rhosts
+.\".Xc
+.\"When using old port-based authentication, the user's
+.\".Pa .rhosts
+.\"files are normally checked. This options disables this.
+.It Xo
+.Fl v Ns ,
+.Fl -vacuous
+.Xc
+If the connecting client does not use any Kerberised authentication,
+print a message that complains about this fact, and exit. This is
+helpful if you want to move away from old port-based authentication.
+.It Xo
+.Fl P
+.Xc
+When using the AFS filesystem, users' authentication tokens are put in
+something called a PAG (Process Authentication Group). Multiple
+processes can share a PAG, but normally each login session has its own
+PAG. This option disables the
+.Fn setpag
+call, so all tokens will be put in the default (uid-based) PAG, making
+it possible to share tokens between sessions. This is only useful in
+peculiar environments, such as some batch systems.
+.It Xo
+.Fl i Ns ,
+.Fl -no-inetd
+.Xc
+The 
+.Fl i 
+option will cause
+.Nm 
+to create a socket, instead of assuming that its stdin came from 
+.Xr inetd 8 .
+This is mostly useful for debugging.
+.It Xo
+.Fl p Ar port Ns ,
+.Fl -port= Ns Ar port
+.Xc
+Port to use with 
+.Fl i .
+.It Xo
+.Fl a
+.Xc
+This flag is for backwards compatibility only.
+.It Xo
+.Fl L
+.Xc
+This flag enables logging of connections to
+.Xr syslogd 8 . 
+This option is always on in this implementation.
+.El
+.\".Sh ENVIRONMENT
+.Sh FILES
+.Bl -tag -width /etc/hosts.equiv -compact
+.It Pa /etc/hosts.equiv
+.It Pa ~/.rhosts
+.El
+.Sh EXAMPLES
+The following can be used to enable Kerberised rsh in
+.Xr inetd.cond 5 , 
+while disabling non-Kerberised connections:
+.Bd -literal
+shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
+kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
+ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx
+.Ed
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr rsh 1 ,
+.Xr iruserok 3
+.\".Sh STANDARDS
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.2 .
+.Sh AUTHORS
+This implementation of
+.Nm
+was written as part of the Heimdal Kerberos 5 implementation.
+.\".Sh BUGS