NAME

     rlogind, in.rlogind - remote login server


SYNOPSIS

     login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind
     tcpd login /usr/sbin/in.rlogind


DESCRIPTION

     Rlogind is the server for the rlogin(1) program.  The server
     provides  a  remote login facility with authentication based
     on privileged port numbers from trusted hosts.

     Rlogind listens for service requests at the  port  indicated
     in  the  ``login''  service  specification; see services(5).
     When a service request is received the following protocol is
     initiated:

     1)   The server checks the client's  source  port.   If  the
          port  is not in the range 0-1023, the server aborts the
          connection.

     2)   The server  checks  the  client's  source  address  and
          requests  the  corresponding  host  name  (see gethost-
          byaddr(3), hosts(5) and  named(8)).   If  the  hostname
          cannot  be  determined, the dot-notation representation
          of the host address is used.

     Once the source port and address have been checked,  rlogind
     allocates  a  pseudo  terminal (see tty(4)), and manipulates
     file descriptors so that the slave half of the pseudo termi-
     nal becomes the stdin , stdout , and stderr for a login pro-
     cess.  The login process is an instance of the login(1) pro-
     gram,  invoked  with  the -r option.  The login process then
     proceeds with the authentication  process  as  described  in
     rshd(8), but if automatic authentication fails, it reprompts
     the user to login as one finds on a standard terminal line.

     The parent of the login process manipulates the master  side
     of the pseduo terminal, operating as an intermediary between
     the login process and the client instance of the rlogin pro-
     gram.  In normal operation, the packet protocol described in
     tty(4) is invoked to provide ^S/^Q type facilities and  pro-
     pagate  interrupt signals to the remote programs.  The login
     process propagates the client terminal's baud rate and  ter-
     minal  type, as found in the environment variable, ``TERM'';
     see environ(7).  The screen or window size of  the  terminal
     is  requested  from the client, and window size changes from
     the client are propagated to the pseudo terminal.


SEE ALSO

     rlogin(1).


DIAGNOSTICS

     All diagnostic messages are returned on the connection asso-
     ciated  with the stderr, after which any network connections
     are closed.  An error is indicated by a leading byte with  a
     value of 1.

     ``Try again.''
     A fork by the server failed.

     ``/bin/sh: ...''
     The user's login shell could not be started.


BUGS

     The authentication procedure used here assumes the integrity
     of  each  client machine and the connecting medium.  This is
     insecure, but is useful in an ``open'' environment.

     A facility to allow  all  data  exchanges  to  be  encrypted
     should be present.

     A more extensible protocol should be used.