NAME¶

SYNOPSIS¶

DESCRIPTION¶

-n, --no-keepalive

Disables keep-alive messages. Keep-alives are packets sent at certain intervals to make sure that the client is still there, even when it doesn't send any data.

-k, --kerberos

Assume that clients connecting to this server will use some form of Kerberos authentication. See the EXAMPLES section for a sample inetd.conf(5) configuration.

-x, --encrypt

For Kerberos 4 this means that the connections are encrypted. Kerberos 5 can negotiate encryption even without this option, but if it's present rshd will deny unencrypted connections. This option implies -k.

-v, --vacuous

If the connecting client does not use any Kerberised authentication, print a message that complains about this fact, and exit. This is helpful if you want to move away from old port-based authentication.

-P

When using the AFS filesystem, users' authentication tokens are put in something called a PAG (Process Authentication Group). Multiple processes can share a PAG, but normally each login session has its own PAG. This option disables the setpag() call, so all tokens will be put in the default (uid-based) PAG, making it possible to share tokens between sessions. This is only useful in peculiar environments, such as some batch systems.

-i, --no-inetd

The -i option will cause rshd to create a socket, instead of assuming that its stdin came from inetd(8). This is mostly useful for debugging.

-p port, --port=port

Port to use with -i.

-a

This flag is for backwards compatibility only.

-L

This flag enables logging of connections to syslogd(8). This option is always on in this implementation.

FILES¶

/etc/hosts.equiv

 

~/.rhosts

 

EXAMPLES¶

shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v 
kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k 
ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx

SEE ALSO¶

HISTORY¶

AUTHORS¶