krlogind Daemon

Purpose

Provides the server function for the rlogin command.

Syntax

/usr/sbin/krlogind [ -n ] [ -s ]

Note: The krlogind daemon is normally started by the inetd daemon. It can also be controlled from the command line, using SRC commands.

Description

The /usr/sbin/krlogind daemon is the server for the rlogin remote login command. The server provides a remote login facility.

Changes to the krlogind daemon can be made by using Web-based System Manager, the System Management Interface Tool (SMIT) or System Resource Controller (SRC), by editing the /etc/inetd.conf or /etc/services file. Entering krlogind at the command line is not recommended. The krlogind daemon is started by default when it is uncommented in the /etc/inetd.conf file.

The inetd daemon get its information from the /etc/inetd.conf file and the /etc/services file.

After changing the /etc/inetd.conf or /etc/services file, run the refresh -s inetd or kill -1 InetdPID command to inform the inetd daemon of the changes to its configuration file.

Service Request Protocol

When the krlogind daemon receives a service request, the daemon initiates the following protocol:

  1. The krlogind daemon checks the source port number for the request. If the port number is not in the range 512 through 1023, the krlogind daemon terminates the connection.
  2. The krlogind daemon uses the source address of the initial connection request to determine the name of the client host. If the name cannot be determined, the krlogind daemon uses the dotted-decimal representation of the client host address.
  3. The krshd daemon attempts to validate the user using the following steps:
    • makes sure that Kerberos 5 is a valid authentication method if the incoming ticket is a Kerberos 5 ticket. If the incoming ticket is a Kerberos 4 ticket, the connection fails. Kerberos 4 is not supported for rlogin.
    • calls kvalid_user with the local account name as well as the DCE principal.

Error Messages

The following error messages are associated with the krlogind daemon:

Item Description
Try again A fork command made by the server has failed.
/usr/bin/shell: No shell. The shell specified for the shell variable cannot be started. The shell variable may also be a program.

Flags

Item Description
-n Disables transport-level keep-alive messages. The messages are enabled by default.
-s Turns on socket level debugging.

Manipulating the krshd Daemon

The krshd daemon is a subserver of the inetd daemon, which is a subsystem of the System Resource Controller (SRC). The krshd daemon is a member of the tcpip SRC subsystem group. Using the chauthent command will comment/uncomment the kshell line in the /etc/inetd.conf file and restart the inetd daemon depending on whether Kerberos 5 or Kerberos 4 is configured/unconfigured. This daemon should be manipulated using the chauthent/lsauthent commands. Direct modification of the inetd.conf file's kshell entry in not recommended.