Add heimdal-0.6.3

[dragonfly.git] / crypto / heimdal-0.6.3 / appl / rsh / rshd.cat8

RSHD(8)                  UNIX System Manager's Manual                  RSHD(8)

N\bNA\bAM\bME\bE
     r\brs\bsh\bhd\bd - remote shell server

S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
     r\brs\bsh\bhd\bd [-\b-a\bai\bik\bkl\bln\bnv\bvx\bxP\bPL\bL] [-\b-p\bp _\bp_\bo_\br_\bt]

D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
     r\brs\bsh\bhd\bd is the server for the rsh(1) program. It provides an authenticated
     remote command execution service.  Supported options are:

     -\b-n\bn, -\b--\b-n\bno\bo-\b-k\bke\bee\bep\bpa\bal\bli\biv\bve\be
             Disables keep-alive messages.  Keep-alives are packets sent at
             certain intervals to make sure that the client is still there,
             even when it doesn't send any data.

     -\b-k\bk, -\b--\b-k\bke\ber\brb\bbe\ber\bro\bos\bs
             Assume that clients connecting to this server will use some form
             of Kerberos authentication. See the _\bE_\bX_\bA_\bM_\bP_\bL_\bE_\bS section for a sample
             inetd.conf(5) configuration.

     -\b-x\bx, -\b--\b-e\ben\bnc\bcr\bry\byp\bpt\bt
             For Kerberos 4 this means that the connections are encrypted.
             Kerberos 5 can negotiate encryption even without this option, but
             if it's present r\brs\bsh\bhd\bd will deny unencrypted connections. This op-
             tion implies -\b-k\bk.

     -\b-v\bv, -\b--\b-v\bva\bac\bcu\buo\bou\bus\bs
             If the connecting client does not use any Kerberised authentica-
             tion, print a message that complains about this fact, and exit.
             This is helpful if you want to move away from old port-based au-
             thentication.

     -\b-P\bP      When using the AFS filesystem, users' authentication tokens are
             put in something called a PAG (Process Authentication Group).
             Multiple processes can share a PAG, but normally each login ses-
             sion has its own PAG. This option disables the s\bse\bet\btp\bpa\bag\bg() call, so
             all tokens will be put in the default (uid-based) PAG, making it
             possible to share tokens between sessions. This is only useful in
             peculiar environments, such as some batch systems.

     -\b-i\bi, -\b--\b-n\bno\bo-\b-i\bin\bne\bet\btd\bd
             The -\b-i\bi option will cause r\brs\bsh\bhd\bd to create a socket, instead of as-
             suming that its stdin came from inetd(8).  This is mostly useful
             for debugging.

     -\b-p\bp _\bp_\bo_\br_\bt, -\b--\b-p\bpo\bor\brt\bt=\b=_\bp_\bo_\br_\bt
             Port to use with -\b-i\bi.

     -\b-a\ba      This flag is for backwards compatibility only.

     -\b-L\bL      This flag enables logging of connections to syslogd(8).  This op-
             tion is always on in this implementation.

F\bFI\bIL\bLE\bES\bS
     /etc/hosts.equiv
     ~/.rhosts

E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
     The following can be used to enable Kerberised rsh in inetd.cond(5),
     while disabling non-Kerberised connections:

     shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
     kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
     ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx

S\bSE\bEE\bE A\bAL\bLS\bSO\bO
     rsh(1),  iruserok(3)

H\bHI\bIS\bST\bTO\bOR\bRY\bY
     The r\brs\bsh\bhd\bd command appeared in 4.2BSD.

A\bAU\bUT\bTH\bHO\bOR\bRS\bS
     This implementation of r\brs\bsh\bhd\bd was written as part of the Heimdal Kerberos 5
     implementation.

 HEIMDAL                       November 22, 2002                             2