Diffstat (limited to 'crypto/kerberosIV/man/rshd.8')
-rw-r--r-- crypto/kerberosIV/man/rshd.8 221
1 files changed, 0 insertions, 221 deletions
diff --git a/crypto/kerberosIV/man/rshd.8 b/crypto/kerberosIV/man/rshd.8
deleted file mode 100644
index 8bd661f..0000000
--- a/crypto/kerberosIV/man/rshd.8
+++ /dev/null
@@ -1,221 +0,0 @@
-.\" Copyright (c) 1983, 1989, 1991, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)rshd.8 8.1 (Berkeley) 6/4/93
-.\"
-.Dd August 25, 1996
-.Dt RSHD 8
-.Os BSD 4.2
-.Sh NAME
-.Nm rshd
-.Nd remote shell server
-.Sh SYNOPSIS
-.Nm rshd
-.Op Fl ailnkvxLP
-.Op Fl p Ar portnumber
-.Sh DESCRIPTION
-The
-.Nm rshd
-server
-is the server for the
-.Xr rcmd 3
-routine and, consequently, for the
-.Xr rsh 1
-program. The server provides remote execution facilities with
-kerberos-based authentication or traditional pseudo-authentication
-with privileged port numbers from trusted hosts.
-.Pp
-The
-.Nm rshd
-server
-listens for service requests at the port indicated in
-the ``cmd'' service specification; see
-.Xr services 5 .
-When a service request is received
-.Nm rshd
-verifies the kerberos ticket supplied by the user.
-.Pp
-For non-kerberised connections, the following protocol is initiated:
-.Bl -enum
-.It
-The server checks the client's source port.
-If the port is not in the range 512-1023, the server
-aborts the connection.
-.It
-The server reads characters from the socket up
-to a null (`\e0') byte. The resultant string is
-interpreted as an
-.Tn ASCII
-number, base 10.
-.It
-If the number received in step 2 is non-zero,
-it is interpreted as the port number of a secondary
-stream to be used for the
-.Em stderr .
-A second connection is then created to the specified
-port on the client's machine. The source port of this
-second connection is also in the range 512-1023.
-.It
-The server checks the client's source address
-and requests the corresponding host name (see
-.Xr gethostbyaddr 3 ,
-.Xr hosts 5
-and
-.Xr named 8 ) .
-If the hostname cannot be determined,
-the dot-notation representation of the host address is used.
-The addresses for the hostname are requested,
-verifying that the name and address correspond.
-If address verification fails, the connection is aborted
-with the message, ``Host address mismatch.''
-.It
-A null terminated user name of at most 16 characters
-is retrieved on the initial socket. This user name
-is interpreted as the user identity on the
-.Em client Ns 's
-machine.
-.It
-A null terminated user name of at most 16 characters
-is retrieved on the initial socket. This user name
-is interpreted as a user identity to use on the
-.Sy server Ns 's
-machine.
-.It
-A null terminated command to be passed to a
-shell is retrieved on the initial socket. The length of
-the command is limited by the upper bound on the size of
-the system's argument list.
-.It
-.Nm Rshd
-then validates the user using
-.Xr ruserok 3 ,
-which uses the file
-.Pa /etc/hosts.equiv
-and the
-.Pa .rhosts
-file found in the user's home directory. The
-.Fl l
-option prevents
-.Xr ruserok 3
-from doing any validation based on the user's ``.rhosts'' file,
-unless the user is the superuser.
-.It
-If the file
-.Pa /etc/nologin
-exists and the user is not the superuser,
-the connection is closed.
-.It
-A null byte is returned on the initial socket
-and the command line is passed to the normal login
-shell of the user. The
-shell inherits the network connections established
-by
-.Nm rshd .
-.El
-.Pp
-Transport-level keepalive messages are enabled unless the
-.Fl n
-option is present.
-The use of keepalive messages allows sessions to be timed out
-if the client crashes or becomes unreachable.
-.Pp
-The
-.Fl L
-option causes all successful accesses to be logged to
-.Xr syslogd 8
-as
-.Li auth.info
-messages.
-.Bl -tag -width Ds
-.It Fl k
-Enable kerberos authentication.
-.It Fl i
-Do not expect to be spawned by inetd and create a socket and listen on
-it yourself.
-.It Fl p portnumber
-Specifies the port number it should listen on in case the
-.It Fl i
-flag has been given.
-.It Fl v
-Vacuous, echo "Remote host requires Kerberos authentication" and exit.
-.It Fl x
-Provides an encrypted communications channel. This option requires the
-.Fl k
-flag.
-.It Fl P
-AFS only! Doesn't put the remote proccess in a new PAG.
-.El
-.Sh DIAGNOSTICS
-Except for the last one listed below,
-all diagnostic messages
-are returned on the initial socket,
-after which any network connections are closed.
-An error is indicated by a leading byte with a value of
-1 (0 is returned in step 10 above upon successful completion
-of all the steps prior to the execution of the login shell).
-.Bl -tag -width indent
-.It Sy Locuser too long.
-The name of the user on the client's machine is
-longer than 16 characters.
-.It Sy Ruser too long.
-The name of the user on the remote machine is
-longer than 16 characters.
-.It Sy Command too long .
-The command line passed exceeds the size of the argument
-list (as configured into the system).
-.It Sy Login incorrect.
-No password file entry for the user name existed.
-.It Sy Remote directory.
-The
-.Xr chdir
-command to the home directory failed.
-.It Sy Permission denied.
-The authentication procedure described above failed.
-.It Sy Can't make pipe.
-The pipe needed for the
-.Em stderr ,
-wasn't created.
-.It Sy Can't fork; try again.
-A
-.Xr fork
-by the server failed.
-.It Sy <shellname>: ...
-The user's login shell could not be started. This message is returned
-on the connection associated with the
-.Em stderr ,
-and is not preceded by a flag byte.
-.El
-.Sh SEE ALSO
-.Xr rsh 1 ,
-.Xr rcmd 3 ,
-.Xr ruserok 3
-.Sh BUGS
-A more extensible protocol (such as Telnet) should be used.
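Review bot: Removing rshd.8 in full (all 221 lines, down to the BUGS section) leaves open whether anything still refers to it, because this view is limited to crypto/kerberosIV/man/rshd.8. Please confirm in the full commit that the daemon itself, any makefile entry that installs the page, and any page that cross-references rshd are removed together. If the server binary stays in the tree, keep the page: it documents the non-kerberised path (the source port check for 512-1023, ruserok with /etc/hosts.equiv and .rhosts, and the -l option), which an administrator needs to know about in order to restrict or disable it.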