xref: /freebsd/crypto/heimdal/appl/rsh/rshd.8 (revision b52b9d56d4e96089873a75f9e29062eec19fabba) 
1.\" Things to fix:
2.\"   * remove Op from mandatory flags
3.\"   * use better macros for arguments (like .Pa for files)
4.\"
5.Dd July 31, 2001
6.Dt RSHD 8
7.Os HEIMDAL
8.Sh NAME
9.Nm rshd
10.Nd
11remote shell server
12.Sh SYNOPSIS
13.Nm
14.Op Fl aiklnvxPL
15.Op Fl p Ar port
16.Sh DESCRIPTION
17.Nm
18is the server for
19the
20.Xr rsh 1
21program. It provides an authenticated remote command execution
22service.  Supported options are:
23.Bl -tag -width Ds
24.It Xo
25.Fl n Ns ,
26.Fl -no-keepalive
27.Xc
28Disables keep-alive messages. Keep-alives are packets sent a certain
29interval to make sure that the client is still there, even when it
30doesn't send any data.
31.It Xo
32.Fl k Ns ,
33.Fl -kerberos
34.Xc
35Assume that clients connecting to this server will use some form of
36Kerberos authentication. See the
37.Sx EXAMPLES
38section for a sample
39.Xr inetd.conf 5
40configuration.
41.It Xo
42.Fl x Ns ,
43.Fl -encrypt
44.Xc
45For Kerberos 4 this means that the connections are encrypted. Kerberos
465 will negotiate encryption inline. This option implies
47.Fl k .
48.\".It Xo
49.\".Fl l Ns ,
50.\".Fl -no-rhosts
51.\".Xc
52.\"When using old port-based authentication, the user's
53.\".Pa .rhosts
54.\"files are normally checked. This options disables this.
55.It Xo
56.Fl v Ns ,
57.Fl -vacuous
58.Xc
59If the connecting client does not use any Kerberised authentication,
60print a message that complains about this fact, and exit. This is
61helpful if you want to move away from old port-based authentication.
62.It Xo
63.Fl P
64.Xc
65When using the AFS filesystem, users' authentication tokens are put in
66something called a PAG (Process Authentication Group). Multiple
67processes can share a PAG, but normally each login session has its own
68PAG. This option disables the
69.Fn setpag
70call, so all tokens will be put in the default (uid-based) PAG, making
71it possible to share tokens between sessions. This is only useful in
72peculiar environments, such as some batch systems.
73.It Xo
74.Fl i Ns ,
75.Fl -no-inetd
76.Xc
77The
78.Fl i
79option will cause
80.Nm
81to create a socket, instead of assuming that its stdin came from
82.Xr inetd 8 .
83This is mostly useful for debugging.
84.It Xo
85.Fl p Ar port Ns ,
86.Fl -port= Ns Ar port
87.Xc
88Port to use with
89.Fl i .
90.It Xo
91.Fl a
92.Xc
93This flag is for backwards compatibility only.
94.It Xo
95.Fl L
96.Xc
97This flag enables logging of connections to
98.Xr syslogd 8 .
99This option is always on in this implementation.
100.El
101.\".Sh ENVIRONMENT
102.Sh FILES
103.Bl -tag -width /etc/hosts.equiv -compact
104.It Pa /etc/hosts.equiv
105.It Pa ~/.rhosts
106.El
107.Sh EXAMPLES
108The following can be used to enable Kerberised rsh in
109.Xr inetd.cond 5 ,
110while disabling non-Kerberised connections:
111.Bd -literal
112shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
113kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
114ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx
115.Ed
116.\".Sh DIAGNOSTICS
117.Sh SEE ALSO
118.Xr rsh 1 ,
119.Xr iruserok 3
120.\".Sh STANDARDS
121.Sh HISTORY
122The
123.Nm
124command appeared in
125.Bx 4.2 .
126.Sh AUTHORS
127This implementation of
128.Nm
129was written as part of the Heimdal Kerberos 5 implementation.
130.\".Sh BUGS
131