rlogind, in.rld - remote login server

     login stream tcp nowait root /usr/sbin/in.rld in.rld
     tcpd login /usr/sbin/in.rld

     Rlogind is the server for the rlogin(1) program.  The server  provides  a
     remote  login  facility  with  authentication  based  on  privileged port
     numbers from trusted hosts.

     Rlogind listens for  service  requests  at  the  port  indicated  in  the
     ``login'' service specification; see services(5).  When a service request
     is received the following protocol is initiated:

     1)   The server checks the client's source port.  If the port is  not  in
          the range 0-1023, the server aborts the connection.

     2)   The server checks the  client's  source  address  and  requests  the
          corresponding   host   name   (see  gethostbyaddr(3),  hosts(5)  and
          named(8)).  If the hostname cannot be determined,  the  dot-notation
          representation of the host address is used.

     Once the source port and address have been checked, rlogind  allocates  a
     pseudo  terminal  (see  tty(4)), and manipulates file descriptors so that
     the slave half of the pseudo terminal becomes the stdin ,  stdout  ,  and
     stderr  for  a  login  process.   The login process is an instance of the
     login(1) program, invoked with the -r option.   The  login  process  then
     proceeds  with the authentication process as described in rshd(8), but if
     automatic authentication fails, it reprompts the user  to  login  as  one
     finds on a standard terminal line.

     The parent of the login process manipulates the master side of the pseduo
     terminal,  operating as an intermediary between the login process and the
     client instance of the rlogin program.  In normal operation,  the  packet
     protocol  described in tty(4) is invoked to provide ^S/^Q type facilities
     and propagate interrupt  signals  to  the  remote  programs.   The  login
     process  propagates the client terminal's baud rate and terminal type, as
     found in the environment variable, ``TERM''; see environ(7).  The  screen
     or  window  size of the terminal is requested from the client, and window
     size changes from the client are propagated to the pseudo terminal.


     All diagnostic messages are returned on the  connection  associated  with
     the  stderr, after which any network connections are closed.  An error is
     indicated by a leading byte with a value of 1.

     ``Try again.''
     A fork by the server failed.

     ``/bin/sh: ...''
     The user's login shell could not be started.

     The authentication procedure used here  assumes  the  integrity  of  each
     client  machine  and  the  connecting  medium.   This is insecure, but is
     useful in an ``open'' environment.

     A facility to allow all data exchanges to be encrypted should be present.

     A more extensible protocol should be used.