diff options
Diffstat (limited to 'eBones/man/kshd.8')
-rw-r--r-- | eBones/man/kshd.8 | 152 |
1 files changed, 0 insertions, 152 deletions
diff --git a/eBones/man/kshd.8 b/eBones/man/kshd.8 deleted file mode 100644 index e1ecc22..0000000 --- a/eBones/man/kshd.8 +++ /dev/null @@ -1,152 +0,0 @@ -.\" from: kshd.8,v 4.1 89/01/23 11:39:41 jtkohl Exp $ -.\" $Id: kshd.8,v 1.2 1994/07/19 19:27:50 g89r4222 Exp $ -.\" -.\" Copyright (c) 1983 The Regents of the University of California. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms are permitted -.\" provided that the above copyright notice and this paragraph are -.\" duplicated in all such forms and that any documentation, -.\" advertising materials, and other materials related to such -.\" distribution and use acknowledge that the software was developed -.\" by the University of California, Berkeley. The name of the -.\" University may not be used to endorse or promote products derived -.\" from this software without specific prior written permission. -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. -.\" -.\" @(#)rshd.8 6.5 (Berkeley) 9/19/88 -.\" -.TH KSHD 8 "Kerberos Version 4.0" "MIT Project Athena" -.UC 5 -.SH NAME -kshd \- remote shell server -.SH SYNOPSIS -.B /usr/etc/kshd -.SH DESCRIPTION -.I Kshd -is the server for the -.IR kcmd (3) -routine and, consequently, for the -.IR rsh (1) -program. The server provides remote execution facilities -with authentication based on Kerberos. -.PP -.I Kshd -listens for service requests at the port indicated in -the ``kshell'' service specification; see -.IR services (5). -When a service request is received the following protocol -is initiated: -.IP 1) -The server reads characters from the socket up -to a null (`\e0') byte. The resultant string is -interpreted as an ASCII number, base 10. -.IP 2) -If the number received in step 1 is non-zero, -it is interpreted as the port number of a secondary -stream to be used for the -.BR stderr . -A second connection is then created to the specified -port on the client's machine. -.IP 3) -The server checks the client's source address -and requests the corresponding host name (see -.IR gethostbyaddr (3N), -.IR hosts (5) -and -.IR named (8)). -If the hostname cannot be determined, -the dot-notation representation of the host address is used. -.IP 4) -A Kerberos ticket/authenticator pair are retrieved on the initial socket. -.IP 5) -A null terminated user name of at most 16 characters -is retrieved on the initial socket. This user name -is interpreted as a user identity to use on the -.BR server 's -machine. -.IP 6) -A null terminated command to be passed to a -shell is retrieved on the initial socket. The length of -the command is limited by the upper bound on the size of -the system's argument list. -.IP 7) -.I Kshd -then validates the user according to the following steps. -The local (server-end) user name is looked up in the password file -and a -.I chdir -is performed to the user's home directory. If either -the lookup or -.I chdir -fail, the connection is terminated. The \&.klogin file in the home -directory is used to mediate access to the account (via \fIkuserok\fP(3)) -by the Kerberos principal named in the ticket/authenticator. If this -authorization check fails, the connection is terminated. -.IP 8) -A null byte is returned on the initial socket -and the command line is passed to the normal login -shell of the user. The -shell inherits the network connections established -by -.IR kshd . -.SH DIAGNOSTICS -Except for the last one listed below, -all diagnostic messages -are returned on the initial socket, -after which any network connections are closed. -An error is indicated by a leading byte with a value of -1 (0 is returned in step 8 above upon successful completion -of all the steps prior to the execution of the login shell). -.PP -.B ``remuser too long'' -.br -The name of the user on the remote machine is -longer than 16 characters. -.PP -.B ``command too long '' -.br -The command line passed exceeds the size of the argument -list (as configured into the system). -.PP -.B ``Login incorrect.'' -.br -No password file entry for the user name existed. -.PP -.B ``No remote directory.'' -.br -The -.I chdir -command to the home directory failed. -.PP -.B ``Permission denied.'' -.br -The authorization procedure described above failed. -.PP -.B ``Can't make pipe.'' -.br -The pipe needed for the -.BR stderr , -wasn't created. -.PP -.B ``Try again.'' -.br -A -.I fork -by the server failed. -.PP -.B ``<shellname>: ...'' -.br -The user's login shell could not be started. This message is returned -on the connection associated with the -.BR stderr , -and is not preceded by a flag byte. -.SH SEE ALSO -rsh(1), kerberos(3), kuserok(3) -.SH BUGS -A facility to allow all data exchanges to be encrypted should be -present. -.PP -A more extensible protocol should be used. |