1bbd80c28SJacques Vidrine.\" Copyright (c) 2001 - 2002 Kungliga Tekniska H�gskolan 2bbd80c28SJacques Vidrine.\" (Royal Institute of Technology, Stockholm, Sweden). 3bbd80c28SJacques Vidrine.\" All rights reserved. 44137ff4cSJacques Vidrine.\" 5bbd80c28SJacques Vidrine.\" Redistribution and use in source and binary forms, with or without 6bbd80c28SJacques Vidrine.\" modification, are permitted provided that the following conditions 7bbd80c28SJacques Vidrine.\" are met: 8bbd80c28SJacques Vidrine.\" 9bbd80c28SJacques Vidrine.\" 1. Redistributions of source code must retain the above copyright 10bbd80c28SJacques Vidrine.\" notice, this list of conditions and the following disclaimer. 11bbd80c28SJacques Vidrine.\" 12bbd80c28SJacques Vidrine.\" 2. Redistributions in binary form must reproduce the above copyright 13bbd80c28SJacques Vidrine.\" notice, this list of conditions and the following disclaimer in the 14bbd80c28SJacques Vidrine.\" documentation and/or other materials provided with the distribution. 15bbd80c28SJacques Vidrine.\" 16bbd80c28SJacques Vidrine.\" 3. Neither the name of the Institute nor the names of its contributors 17bbd80c28SJacques Vidrine.\" may be used to endorse or promote products derived from this software 18bbd80c28SJacques Vidrine.\" without specific prior written permission. 19bbd80c28SJacques Vidrine.\" 20bbd80c28SJacques Vidrine.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 21bbd80c28SJacques Vidrine.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22bbd80c28SJacques Vidrine.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23bbd80c28SJacques Vidrine.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 24bbd80c28SJacques Vidrine.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25bbd80c28SJacques Vidrine.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26bbd80c28SJacques Vidrine.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27bbd80c28SJacques Vidrine.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28bbd80c28SJacques Vidrine.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29bbd80c28SJacques Vidrine.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30bbd80c28SJacques Vidrine.\" SUCH DAMAGE. 31bbd80c28SJacques Vidrine.\" 32bbd80c28SJacques Vidrine.\" $Id: rshd.8,v 1.7 2003/04/16 19:58:42 lha Exp $ 33bbd80c28SJacques Vidrine.\" 34bbd80c28SJacques Vidrine.Dd November 22, 2002 354137ff4cSJacques Vidrine.Dt RSHD 8 364137ff4cSJacques Vidrine.Os HEIMDAL 374137ff4cSJacques Vidrine.Sh NAME 384137ff4cSJacques Vidrine.Nm rshd 394137ff4cSJacques Vidrine.Nd 404137ff4cSJacques Vidrineremote shell server 414137ff4cSJacques Vidrine.Sh SYNOPSIS 424137ff4cSJacques Vidrine.Nm 434137ff4cSJacques Vidrine.Op Fl aiklnvxPL 444137ff4cSJacques Vidrine.Op Fl p Ar port 454137ff4cSJacques Vidrine.Sh DESCRIPTION 464137ff4cSJacques Vidrine.Nm 474137ff4cSJacques Vidrineis the server for 484137ff4cSJacques Vidrinethe 494137ff4cSJacques Vidrine.Xr rsh 1 504137ff4cSJacques Vidrineprogram. It provides an authenticated remote command execution 514137ff4cSJacques Vidrineservice. Supported options are: 524137ff4cSJacques Vidrine.Bl -tag -width Ds 534137ff4cSJacques Vidrine.It Xo 548373020dSJacques Vidrine.Fl n , 554137ff4cSJacques Vidrine.Fl -no-keepalive 564137ff4cSJacques Vidrine.Xc 57bbd80c28SJacques VidrineDisables keep-alive messages. 58bbd80c28SJacques VidrineKeep-alives are packets sent at certain intervals to make sure that the 59bbd80c28SJacques Vidrineclient is still there, even when it doesn't send any data. 604137ff4cSJacques Vidrine.It Xo 618373020dSJacques Vidrine.Fl k , 624137ff4cSJacques Vidrine.Fl -kerberos 634137ff4cSJacques Vidrine.Xc 644137ff4cSJacques VidrineAssume that clients connecting to this server will use some form of 654137ff4cSJacques VidrineKerberos authentication. See the 664137ff4cSJacques Vidrine.Sx EXAMPLES 674137ff4cSJacques Vidrinesection for a sample 684137ff4cSJacques Vidrine.Xr inetd.conf 5 694137ff4cSJacques Vidrineconfiguration. 704137ff4cSJacques Vidrine.It Xo 718373020dSJacques Vidrine.Fl x , 724137ff4cSJacques Vidrine.Fl -encrypt 734137ff4cSJacques Vidrine.Xc 744137ff4cSJacques VidrineFor Kerberos 4 this means that the connections are encrypted. Kerberos 75bbd80c28SJacques Vidrine5 can negotiate encryption even without this option, but if it's 76bbd80c28SJacques Vidrinepresent 77bbd80c28SJacques Vidrine.Nm 78bbd80c28SJacques Vidrinewill deny unencrypted connections. This option implies 794137ff4cSJacques Vidrine.Fl k . 804137ff4cSJacques Vidrine.\".It Xo 818373020dSJacques Vidrine.\".Fl l , 824137ff4cSJacques Vidrine.\".Fl -no-rhosts 834137ff4cSJacques Vidrine.\".Xc 844137ff4cSJacques Vidrine.\"When using old port-based authentication, the user's 854137ff4cSJacques Vidrine.\".Pa .rhosts 864137ff4cSJacques Vidrine.\"files are normally checked. This options disables this. 874137ff4cSJacques Vidrine.It Xo 888373020dSJacques Vidrine.Fl v , 894137ff4cSJacques Vidrine.Fl -vacuous 904137ff4cSJacques Vidrine.Xc 914137ff4cSJacques VidrineIf the connecting client does not use any Kerberised authentication, 924137ff4cSJacques Vidrineprint a message that complains about this fact, and exit. This is 934137ff4cSJacques Vidrinehelpful if you want to move away from old port-based authentication. 944137ff4cSJacques Vidrine.It Xo 954137ff4cSJacques Vidrine.Fl P 964137ff4cSJacques Vidrine.Xc 974137ff4cSJacques VidrineWhen using the AFS filesystem, users' authentication tokens are put in 984137ff4cSJacques Vidrinesomething called a PAG (Process Authentication Group). Multiple 994137ff4cSJacques Vidrineprocesses can share a PAG, but normally each login session has its own 1004137ff4cSJacques VidrinePAG. This option disables the 1014137ff4cSJacques Vidrine.Fn setpag 1024137ff4cSJacques Vidrinecall, so all tokens will be put in the default (uid-based) PAG, making 1034137ff4cSJacques Vidrineit possible to share tokens between sessions. This is only useful in 1044137ff4cSJacques Vidrinepeculiar environments, such as some batch systems. 1054137ff4cSJacques Vidrine.It Xo 1068373020dSJacques Vidrine.Fl i , 1074137ff4cSJacques Vidrine.Fl -no-inetd 1084137ff4cSJacques Vidrine.Xc 1094137ff4cSJacques VidrineThe 1104137ff4cSJacques Vidrine.Fl i 1114137ff4cSJacques Vidrineoption will cause 1124137ff4cSJacques Vidrine.Nm 1134137ff4cSJacques Vidrineto create a socket, instead of assuming that its stdin came from 1144137ff4cSJacques Vidrine.Xr inetd 8 . 1154137ff4cSJacques VidrineThis is mostly useful for debugging. 1164137ff4cSJacques Vidrine.It Xo 1178373020dSJacques Vidrine.Fl p Ar port , 1184137ff4cSJacques Vidrine.Fl -port= Ns Ar port 1194137ff4cSJacques Vidrine.Xc 1204137ff4cSJacques VidrinePort to use with 1214137ff4cSJacques Vidrine.Fl i . 1224137ff4cSJacques Vidrine.It Xo 1234137ff4cSJacques Vidrine.Fl a 1244137ff4cSJacques Vidrine.Xc 1254137ff4cSJacques VidrineThis flag is for backwards compatibility only. 1264137ff4cSJacques Vidrine.It Xo 1274137ff4cSJacques Vidrine.Fl L 1284137ff4cSJacques Vidrine.Xc 1294137ff4cSJacques VidrineThis flag enables logging of connections to 1304137ff4cSJacques Vidrine.Xr syslogd 8 . 1314137ff4cSJacques VidrineThis option is always on in this implementation. 1324137ff4cSJacques Vidrine.El 1334137ff4cSJacques Vidrine.\".Sh ENVIRONMENT 1344137ff4cSJacques Vidrine.Sh FILES 1354137ff4cSJacques Vidrine.Bl -tag -width /etc/hosts.equiv -compact 1364137ff4cSJacques Vidrine.It Pa /etc/hosts.equiv 1374137ff4cSJacques Vidrine.It Pa ~/.rhosts 1384137ff4cSJacques Vidrine.El 1394137ff4cSJacques Vidrine.Sh EXAMPLES 1404137ff4cSJacques VidrineThe following can be used to enable Kerberised rsh in 1414137ff4cSJacques Vidrine.Xr inetd.cond 5 , 1424137ff4cSJacques Vidrinewhile disabling non-Kerberised connections: 1434137ff4cSJacques Vidrine.Bd -literal 1444137ff4cSJacques Vidrineshell stream tcp nowait root /usr/libexec/rshd rshd -v 1454137ff4cSJacques Vidrinekshell stream tcp nowait root /usr/libexec/rshd rshd -k 1464137ff4cSJacques Vidrineekshell stream tcp nowait root /usr/libexec/rshd rshd -kx 1474137ff4cSJacques Vidrine.Ed 1484137ff4cSJacques Vidrine.\".Sh DIAGNOSTICS 1494137ff4cSJacques Vidrine.Sh SEE ALSO 1504137ff4cSJacques Vidrine.Xr rsh 1 , 1514137ff4cSJacques Vidrine.Xr iruserok 3 1524137ff4cSJacques Vidrine.\".Sh STANDARDS 1534137ff4cSJacques Vidrine.Sh HISTORY 1544137ff4cSJacques VidrineThe 1554137ff4cSJacques Vidrine.Nm 1564137ff4cSJacques Vidrinecommand appeared in 1574137ff4cSJacques Vidrine.Bx 4.2 . 1584137ff4cSJacques Vidrine.Sh AUTHORS 1594137ff4cSJacques VidrineThis implementation of 1604137ff4cSJacques Vidrine.Nm 1614137ff4cSJacques Vidrinewas written as part of the Heimdal Kerberos 5 implementation. 1624137ff4cSJacques Vidrine.\".Sh BUGS 163