diff options
Diffstat (limited to 'crypto/heimdal/appl/rsh/rshd.8')
-rw-r--r-- | crypto/heimdal/appl/rsh/rshd.8 | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/crypto/heimdal/appl/rsh/rshd.8 b/crypto/heimdal/appl/rsh/rshd.8 new file mode 100644 index 0000000..5b65e1b --- /dev/null +++ b/crypto/heimdal/appl/rsh/rshd.8 @@ -0,0 +1,130 @@ +.\" Things to fix: +.\" * remove Op from mandatory flags +.\" * use better macros for arguments (like .Pa for files) +.\" +.Dd July 31, 2001 +.Dt RSHD 8 +.Os HEIMDAL +.Sh NAME +.Nm rshd +.Nd +remote shell server +.Sh SYNOPSIS +.Nm +.Op Fl aiklnvxPL +.Op Fl p Ar port +.Sh DESCRIPTION +.Nm +is the server for +the +.Xr rsh 1 +program. It provides an authenticated remote command execution +service. Supported options are: +.Bl -tag -width Ds +.It Xo +.Fl n Ns , +.Fl -no-keepalive +.Xc +Disables keep-alive messages. Keep-alives are packets sent a certain +interval to make sure that the client is still there, even when it +doesn't send any data. +.It Xo +.Fl k Ns , +.Fl -kerberos +.Xc +Assume that clients connecting to this server will use some form of +Kerberos authentication. See the +.Sx EXAMPLES +section for a sample +.Xr inetd.conf 5 +configuration. +.It Xo +.Fl x Ns , +.Fl -encrypt +.Xc +For Kerberos 4 this means that the connections are encrypted. Kerberos +5 will negotiate encryption inline. This option implies +.Fl k . +.\".It Xo +.\".Fl l Ns , +.\".Fl -no-rhosts +.\".Xc +.\"When using old port-based authentication, the user's +.\".Pa .rhosts +.\"files are normally checked. This options disables this. +.It Xo +.Fl v Ns , +.Fl -vacuous +.Xc +If the connecting client does not use any Kerberised authentication, +print a message that complains about this fact, and exit. This is +helpful if you want to move away from old port-based authentication. +.It Xo +.Fl P +.Xc +When using the AFS filesystem, users' authentication tokens are put in +something called a PAG (Process Authentication Group). Multiple +processes can share a PAG, but normally each login session has its own +PAG. This option disables the +.Fn setpag +call, so all tokens will be put in the default (uid-based) PAG, making +it possible to share tokens between sessions. This is only useful in +peculiar environments, such as some batch systems. +.It Xo +.Fl i Ns , +.Fl -no-inetd +.Xc +The +.Fl i +option will cause +.Nm +to create a socket, instead of assuming that its stdin came from +.Xr inetd 8 . +This is mostly useful for debugging. +.It Xo +.Fl p Ar port Ns , +.Fl -port= Ns Ar port +.Xc +Port to use with +.Fl i . +.It Xo +.Fl a +.Xc +This flag is for backwards compatibility only. +.It Xo +.Fl L +.Xc +This flag enables logging of connections to +.Xr syslogd 8 . +This option is always on in this implementation. +.El +.\".Sh ENVIRONMENT +.Sh FILES +.Bl -tag -width /etc/hosts.equiv -compact +.It Pa /etc/hosts.equiv +.It Pa ~/.rhosts +.El +.Sh EXAMPLES +The following can be used to enable Kerberised rsh in +.Xr inetd.cond 5 , +while disabling non-Kerberised connections: +.Bd -literal +shell stream tcp nowait root /usr/libexec/rshd rshd -v +kshell stream tcp nowait root /usr/libexec/rshd rshd -k +ekshell stream tcp nowait root /usr/libexec/rshd rshd -kx +.Ed +.\".Sh DIAGNOSTICS +.Sh SEE ALSO +.Xr rsh 1 , +.Xr iruserok 3 +.\".Sh STANDARDS +.Sh HISTORY +The +.Nm +command appeared in +.Bx 4.2 . +.Sh AUTHORS +This implementation of +.Nm +was written as part of the Heimdal Kerberos 5 implementation. +.\".Sh BUGS |