xref: /freebsd/crypto/heimdal/appl/rsh/rshd.8 (revision 8373020d34ceb1ac55d8f43333c1ca3680185b39) 
14137ff4cSJacques Vidrine.\" Things to fix:
24137ff4cSJacques Vidrine.\"   * remove Op from mandatory flags
34137ff4cSJacques Vidrine.\"   * use better macros for arguments (like .Pa for files)
44137ff4cSJacques Vidrine.\"
54137ff4cSJacques Vidrine.Dd July 31, 2001
64137ff4cSJacques Vidrine.Dt RSHD 8
74137ff4cSJacques Vidrine.Os HEIMDAL
84137ff4cSJacques Vidrine.Sh NAME
94137ff4cSJacques Vidrine.Nm rshd
104137ff4cSJacques Vidrine.Nd
114137ff4cSJacques Vidrineremote shell server
124137ff4cSJacques Vidrine.Sh SYNOPSIS
134137ff4cSJacques Vidrine.Nm
144137ff4cSJacques Vidrine.Op Fl aiklnvxPL
154137ff4cSJacques Vidrine.Op Fl p Ar port
164137ff4cSJacques Vidrine.Sh DESCRIPTION
174137ff4cSJacques Vidrine.Nm
184137ff4cSJacques Vidrineis the server for
194137ff4cSJacques Vidrinethe
204137ff4cSJacques Vidrine.Xr rsh 1
214137ff4cSJacques Vidrineprogram. It provides an authenticated remote command execution
224137ff4cSJacques Vidrineservice.  Supported options are:
234137ff4cSJacques Vidrine.Bl -tag -width Ds
244137ff4cSJacques Vidrine.It Xo
258373020dSJacques Vidrine.Fl n ,
264137ff4cSJacques Vidrine.Fl -no-keepalive
274137ff4cSJacques Vidrine.Xc
284137ff4cSJacques VidrineDisables keep-alive messages. Keep-alives are packets sent a certain
294137ff4cSJacques Vidrineinterval to make sure that the client is still there, even when it
304137ff4cSJacques Vidrinedoesn't send any data.
314137ff4cSJacques Vidrine.It Xo
328373020dSJacques Vidrine.Fl k ,
334137ff4cSJacques Vidrine.Fl -kerberos
344137ff4cSJacques Vidrine.Xc
354137ff4cSJacques VidrineAssume that clients connecting to this server will use some form of
364137ff4cSJacques VidrineKerberos authentication. See the
374137ff4cSJacques Vidrine.Sx EXAMPLES
384137ff4cSJacques Vidrinesection for a sample
394137ff4cSJacques Vidrine.Xr inetd.conf 5
404137ff4cSJacques Vidrineconfiguration.
414137ff4cSJacques Vidrine.It Xo
428373020dSJacques Vidrine.Fl x ,
434137ff4cSJacques Vidrine.Fl -encrypt
444137ff4cSJacques Vidrine.Xc
454137ff4cSJacques VidrineFor Kerberos 4 this means that the connections are encrypted. Kerberos
464137ff4cSJacques Vidrine5 will negotiate encryption inline. This option implies
474137ff4cSJacques Vidrine.Fl k .
484137ff4cSJacques Vidrine.\".It Xo
498373020dSJacques Vidrine.\".Fl l ,
504137ff4cSJacques Vidrine.\".Fl -no-rhosts
514137ff4cSJacques Vidrine.\".Xc
524137ff4cSJacques Vidrine.\"When using old port-based authentication, the user's
534137ff4cSJacques Vidrine.\".Pa .rhosts
544137ff4cSJacques Vidrine.\"files are normally checked. This options disables this.
554137ff4cSJacques Vidrine.It Xo
568373020dSJacques Vidrine.Fl v ,
574137ff4cSJacques Vidrine.Fl -vacuous
584137ff4cSJacques Vidrine.Xc
594137ff4cSJacques VidrineIf the connecting client does not use any Kerberised authentication,
604137ff4cSJacques Vidrineprint a message that complains about this fact, and exit. This is
614137ff4cSJacques Vidrinehelpful if you want to move away from old port-based authentication.
624137ff4cSJacques Vidrine.It Xo
634137ff4cSJacques Vidrine.Fl P
644137ff4cSJacques Vidrine.Xc
654137ff4cSJacques VidrineWhen using the AFS filesystem, users' authentication tokens are put in
664137ff4cSJacques Vidrinesomething called a PAG (Process Authentication Group). Multiple
674137ff4cSJacques Vidrineprocesses can share a PAG, but normally each login session has its own
684137ff4cSJacques VidrinePAG. This option disables the
694137ff4cSJacques Vidrine.Fn setpag
704137ff4cSJacques Vidrinecall, so all tokens will be put in the default (uid-based) PAG, making
714137ff4cSJacques Vidrineit possible to share tokens between sessions. This is only useful in
724137ff4cSJacques Vidrinepeculiar environments, such as some batch systems.
734137ff4cSJacques Vidrine.It Xo
748373020dSJacques Vidrine.Fl i ,
754137ff4cSJacques Vidrine.Fl -no-inetd
764137ff4cSJacques Vidrine.Xc
774137ff4cSJacques VidrineThe
784137ff4cSJacques Vidrine.Fl i
794137ff4cSJacques Vidrineoption will cause
804137ff4cSJacques Vidrine.Nm
814137ff4cSJacques Vidrineto create a socket, instead of assuming that its stdin came from
824137ff4cSJacques Vidrine.Xr inetd 8 .
834137ff4cSJacques VidrineThis is mostly useful for debugging.
844137ff4cSJacques Vidrine.It Xo
858373020dSJacques Vidrine.Fl p Ar port ,
864137ff4cSJacques Vidrine.Fl -port= Ns Ar port
874137ff4cSJacques Vidrine.Xc
884137ff4cSJacques VidrinePort to use with
894137ff4cSJacques Vidrine.Fl i .
904137ff4cSJacques Vidrine.It Xo
914137ff4cSJacques Vidrine.Fl a
924137ff4cSJacques Vidrine.Xc
934137ff4cSJacques VidrineThis flag is for backwards compatibility only.
944137ff4cSJacques Vidrine.It Xo
954137ff4cSJacques Vidrine.Fl L
964137ff4cSJacques Vidrine.Xc
974137ff4cSJacques VidrineThis flag enables logging of connections to
984137ff4cSJacques Vidrine.Xr syslogd 8 .
994137ff4cSJacques VidrineThis option is always on in this implementation.
1004137ff4cSJacques Vidrine.El
1014137ff4cSJacques Vidrine.\".Sh ENVIRONMENT
1024137ff4cSJacques Vidrine.Sh FILES
1034137ff4cSJacques Vidrine.Bl -tag -width /etc/hosts.equiv -compact
1044137ff4cSJacques Vidrine.It Pa /etc/hosts.equiv
1054137ff4cSJacques Vidrine.It Pa ~/.rhosts
1064137ff4cSJacques Vidrine.El
1074137ff4cSJacques Vidrine.Sh EXAMPLES
1084137ff4cSJacques VidrineThe following can be used to enable Kerberised rsh in
1094137ff4cSJacques Vidrine.Xr inetd.cond 5 ,
1104137ff4cSJacques Vidrinewhile disabling non-Kerberised connections:
1114137ff4cSJacques Vidrine.Bd -literal
1124137ff4cSJacques Vidrineshell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
1134137ff4cSJacques Vidrinekshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
1144137ff4cSJacques Vidrineekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx
1154137ff4cSJacques Vidrine.Ed
1164137ff4cSJacques Vidrine.\".Sh DIAGNOSTICS
1174137ff4cSJacques Vidrine.Sh SEE ALSO
1184137ff4cSJacques Vidrine.Xr rsh 1 ,
1194137ff4cSJacques Vidrine.Xr iruserok 3
1204137ff4cSJacques Vidrine.\".Sh STANDARDS
1214137ff4cSJacques Vidrine.Sh HISTORY
1224137ff4cSJacques VidrineThe
1234137ff4cSJacques Vidrine.Nm
1244137ff4cSJacques Vidrinecommand appeared in
1254137ff4cSJacques Vidrine.Bx 4.2 .
1264137ff4cSJacques Vidrine.Sh AUTHORS
1274137ff4cSJacques VidrineThis implementation of
1284137ff4cSJacques Vidrine.Nm
1294137ff4cSJacques Vidrinewas written as part of the Heimdal Kerberos 5 implementation.
1304137ff4cSJacques Vidrine.\".Sh BUGS
131