summaryrefslogtreecommitdiffstats
path: root/eBones/man/kshd.8
diff options
context:
space:
mode:
Diffstat (limited to 'eBones/man/kshd.8')
-rw-r--r--eBones/man/kshd.8152
1 files changed, 0 insertions, 152 deletions
diff --git a/eBones/man/kshd.8 b/eBones/man/kshd.8
deleted file mode 100644
index e1ecc22..0000000
--- a/eBones/man/kshd.8
+++ /dev/null
@@ -1,152 +0,0 @@
-.\" from: kshd.8,v 4.1 89/01/23 11:39:41 jtkohl Exp $
-.\" $Id: kshd.8,v 1.2 1994/07/19 19:27:50 g89r4222 Exp $
-.\"
-.\" Copyright (c) 1983 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that the above copyright notice and this paragraph are
-.\" duplicated in all such forms and that any documentation,
-.\" advertising materials, and other materials related to such
-.\" distribution and use acknowledge that the software was developed
-.\" by the University of California, Berkeley. The name of the
-.\" University may not be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\" @(#)rshd.8 6.5 (Berkeley) 9/19/88
-.\"
-.TH KSHD 8 "Kerberos Version 4.0" "MIT Project Athena"
-.UC 5
-.SH NAME
-kshd \- remote shell server
-.SH SYNOPSIS
-.B /usr/etc/kshd
-.SH DESCRIPTION
-.I Kshd
-is the server for the
-.IR kcmd (3)
-routine and, consequently, for the
-.IR rsh (1)
-program. The server provides remote execution facilities
-with authentication based on Kerberos.
-.PP
-.I Kshd
-listens for service requests at the port indicated in
-the ``kshell'' service specification; see
-.IR services (5).
-When a service request is received the following protocol
-is initiated:
-.IP 1)
-The server reads characters from the socket up
-to a null (`\e0') byte. The resultant string is
-interpreted as an ASCII number, base 10.
-.IP 2)
-If the number received in step 1 is non-zero,
-it is interpreted as the port number of a secondary
-stream to be used for the
-.BR stderr .
-A second connection is then created to the specified
-port on the client's machine.
-.IP 3)
-The server checks the client's source address
-and requests the corresponding host name (see
-.IR gethostbyaddr (3N),
-.IR hosts (5)
-and
-.IR named (8)).
-If the hostname cannot be determined,
-the dot-notation representation of the host address is used.
-.IP 4)
-A Kerberos ticket/authenticator pair are retrieved on the initial socket.
-.IP 5)
-A null terminated user name of at most 16 characters
-is retrieved on the initial socket. This user name
-is interpreted as a user identity to use on the
-.BR server 's
-machine.
-.IP 6)
-A null terminated command to be passed to a
-shell is retrieved on the initial socket. The length of
-the command is limited by the upper bound on the size of
-the system's argument list.
-.IP 7)
-.I Kshd
-then validates the user according to the following steps.
-The local (server-end) user name is looked up in the password file
-and a
-.I chdir
-is performed to the user's home directory. If either
-the lookup or
-.I chdir
-fail, the connection is terminated. The \&.klogin file in the home
-directory is used to mediate access to the account (via \fIkuserok\fP(3))
-by the Kerberos principal named in the ticket/authenticator. If this
-authorization check fails, the connection is terminated.
-.IP 8)
-A null byte is returned on the initial socket
-and the command line is passed to the normal login
-shell of the user. The
-shell inherits the network connections established
-by
-.IR kshd .
-.SH DIAGNOSTICS
-Except for the last one listed below,
-all diagnostic messages
-are returned on the initial socket,
-after which any network connections are closed.
-An error is indicated by a leading byte with a value of
-1 (0 is returned in step 8 above upon successful completion
-of all the steps prior to the execution of the login shell).
-.PP
-.B ``remuser too long''
-.br
-The name of the user on the remote machine is
-longer than 16 characters.
-.PP
-.B ``command too long ''
-.br
-The command line passed exceeds the size of the argument
-list (as configured into the system).
-.PP
-.B ``Login incorrect.''
-.br
-No password file entry for the user name existed.
-.PP
-.B ``No remote directory.''
-.br
-The
-.I chdir
-command to the home directory failed.
-.PP
-.B ``Permission denied.''
-.br
-The authorization procedure described above failed.
-.PP
-.B ``Can't make pipe.''
-.br
-The pipe needed for the
-.BR stderr ,
-wasn't created.
-.PP
-.B ``Try again.''
-.br
-A
-.I fork
-by the server failed.
-.PP
-.B ``<shellname>: ...''
-.br
-The user's login shell could not be started. This message is returned
-on the connection associated with the
-.BR stderr ,
-and is not preceded by a flag byte.
-.SH SEE ALSO
-rsh(1), kerberos(3), kuserok(3)
-.SH BUGS
-A facility to allow all data exchanges to be encrypted should be
-present.
-.PP
-A more extensible protocol should be used.
OpenPOWER on IntegriCloud