| RLOGIND(8) | System Manager's Manual | RLOGIND(8) | 
rlogind —
| rlogind | [ -alnL] | 
rlogind is the server for the
  rlogin(1) program. The server
  provides a remote login facility with authentication based on privileged port
  numbers from trusted hosts.
Options supported by rlogind:
-a-l-n-Lauth.info messages.rlogind listens for service requests at
    the port indicated in the ``login'' service specification; see
    services(5). When a service
    request is received the following protocol is initiated:
-a option is given, the addresses for the hostname
      are requested, verifying that the name and address correspond. Normal
      authentication is bypassed if the address verification fails.Once the source port and address have been checked,
    rlogind proceeds with the authentication process
    described in rshd(8). It then
    allocates a pseudo terminal (see
    pty(4)), and manipulates file
    descriptors so that the slave half of the pseudo terminal becomes the
    stdin, stdout, and
    stderr for a login process. The login process is an
    instance of the login(1)
    program, invoked with the -f option if
    authentication has succeeded. If automatic authentication fails, the user is
    prompted to log in as if on a standard terminal line.
The parent of the login process manipulates the master side of the
    pseudo terminal, operating as an intermediary between the login process and
    the client instance of the
    rlogin(1) program. In normal
    operation, the packet protocol described in
    pty(4) is invoked to provide
    ‘^S/^Q’ type facilities and propagate
    interrupt signals to the remote programs. The login process propagates the
    client terminal's baud rate and terminal type, as found in the environment
    variable,
    ‘TERM
Transport-level keepalive messages are enabled unless the
    -n option is present. The use of keepalive messages
    allows sessions to be timed out if the client crashes or becomes
    unreachable.
At the end of a login session, rlogind
    invokes the ttyaction(3)
    facility with an action of "rlogind" and user "root" to
    execute site-specific commands.
rlogind command appeared in
  4.2BSD.
A facility to allow all data exchanges to be encrypted should be present.
A more extensible protocol should be used.
rlogind intentionally rejects accesses
    from IPv4 mapped address on top of AF_INET6 socket,
    since IPv4 mapped address complicates host-address based authentication. If
    you would like to accept connections from IPv4 peers, you will need to run
    rlogind on top of AF_INET
    socket, not AF_INET6 socket.
| July 17, 2004 | NetBSD 10.1 |