diff options
Diffstat (limited to 'crypto/kerberosIV/man/rshd.8')
-rw-r--r-- | crypto/kerberosIV/man/rshd.8 | 221 |
1 files changed, 0 insertions, 221 deletions
diff --git a/crypto/kerberosIV/man/rshd.8 b/crypto/kerberosIV/man/rshd.8 deleted file mode 100644 index 8bd661f..0000000 --- a/crypto/kerberosIV/man/rshd.8 +++ /dev/null @@ -1,221 +0,0 @@ -.\" Copyright (c) 1983, 1989, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" @(#)rshd.8 8.1 (Berkeley) 6/4/93 -.\" -.Dd August 25, 1996 -.Dt RSHD 8 -.Os BSD 4.2 -.Sh NAME -.Nm rshd -.Nd remote shell server -.Sh SYNOPSIS -.Nm rshd -.Op Fl ailnkvxLP -.Op Fl p Ar portnumber -.Sh DESCRIPTION -The -.Nm rshd -server -is the server for the -.Xr rcmd 3 -routine and, consequently, for the -.Xr rsh 1 -program. The server provides remote execution facilities with -kerberos-based authentication or traditional pseudo-authentication -with privileged port numbers from trusted hosts. -.Pp -The -.Nm rshd -server -listens for service requests at the port indicated in -the ``cmd'' service specification; see -.Xr services 5 . -When a service request is received -.Nm rshd -verifies the kerberos ticket supplied by the user. -.Pp -For non-kerberised connections, the following protocol is initiated: -.Bl -enum -.It -The server checks the client's source port. -If the port is not in the range 512-1023, the server -aborts the connection. -.It -The server reads characters from the socket up -to a null (`\e0') byte. The resultant string is -interpreted as an -.Tn ASCII -number, base 10. -.It -If the number received in step 2 is non-zero, -it is interpreted as the port number of a secondary -stream to be used for the -.Em stderr . -A second connection is then created to the specified -port on the client's machine. The source port of this -second connection is also in the range 512-1023. -.It -The server checks the client's source address -and requests the corresponding host name (see -.Xr gethostbyaddr 3 , -.Xr hosts 5 -and -.Xr named 8 ) . -If the hostname cannot be determined, -the dot-notation representation of the host address is used. -The addresses for the hostname are requested, -verifying that the name and address correspond. -If address verification fails, the connection is aborted -with the message, ``Host address mismatch.'' -.It -A null terminated user name of at most 16 characters -is retrieved on the initial socket. This user name -is interpreted as the user identity on the -.Em client Ns 's -machine. -.It -A null terminated user name of at most 16 characters -is retrieved on the initial socket. This user name -is interpreted as a user identity to use on the -.Sy server Ns 's -machine. -.It -A null terminated command to be passed to a -shell is retrieved on the initial socket. The length of -the command is limited by the upper bound on the size of -the system's argument list. -.It -.Nm Rshd -then validates the user using -.Xr ruserok 3 , -which uses the file -.Pa /etc/hosts.equiv -and the -.Pa .rhosts -file found in the user's home directory. The -.Fl l -option prevents -.Xr ruserok 3 -from doing any validation based on the user's ``.rhosts'' file, -unless the user is the superuser. -.It -If the file -.Pa /etc/nologin -exists and the user is not the superuser, -the connection is closed. -.It -A null byte is returned on the initial socket -and the command line is passed to the normal login -shell of the user. The -shell inherits the network connections established -by -.Nm rshd . -.El -.Pp -Transport-level keepalive messages are enabled unless the -.Fl n -option is present. -The use of keepalive messages allows sessions to be timed out -if the client crashes or becomes unreachable. -.Pp -The -.Fl L -option causes all successful accesses to be logged to -.Xr syslogd 8 -as -.Li auth.info -messages. -.Bl -tag -width Ds -.It Fl k -Enable kerberos authentication. -.It Fl i -Do not expect to be spawned by inetd and create a socket and listen on -it yourself. -.It Fl p portnumber -Specifies the port number it should listen on in case the -.It Fl i -flag has been given. -.It Fl v -Vacuous, echo "Remote host requires Kerberos authentication" and exit. -.It Fl x -Provides an encrypted communications channel. This option requires the -.Fl k -flag. -.It Fl P -AFS only! Doesn't put the remote proccess in a new PAG. -.El -.Sh DIAGNOSTICS -Except for the last one listed below, -all diagnostic messages -are returned on the initial socket, -after which any network connections are closed. -An error is indicated by a leading byte with a value of -1 (0 is returned in step 10 above upon successful completion -of all the steps prior to the execution of the login shell). -.Bl -tag -width indent -.It Sy Locuser too long. -The name of the user on the client's machine is -longer than 16 characters. -.It Sy Ruser too long. -The name of the user on the remote machine is -longer than 16 characters. -.It Sy Command too long . -The command line passed exceeds the size of the argument -list (as configured into the system). -.It Sy Login incorrect. -No password file entry for the user name existed. -.It Sy Remote directory. -The -.Xr chdir -command to the home directory failed. -.It Sy Permission denied. -The authentication procedure described above failed. -.It Sy Can't make pipe. -The pipe needed for the -.Em stderr , -wasn't created. -.It Sy Can't fork; try again. -A -.Xr fork -by the server failed. -.It Sy <shellname>: ... -The user's login shell could not be started. This message is returned -on the connection associated with the -.Em stderr , -and is not preceded by a flag byte. -.El -.Sh SEE ALSO -.Xr rsh 1 , -.Xr rcmd 3 , -.Xr ruserok 3 -.Sh BUGS -A more extensible protocol (such as Telnet) should be used. |