-rw-r--r--usr.bin/rsh/pathnames.h4
-rw-r--r--usr.bin/rsh/rsh.149
-rw-r--r--usr.bin/rsh/rsh.c17
3 files changed, 56 insertions, 14 deletions
diff --git a/usr.bin/rsh/pathnames.h b/usr.bin/rsh/pathnames.h
index 2c6550ce4a4..e23c6152dec 100644
--- a/usr.bin/rsh/pathnames.h
+++ b/usr.bin/rsh/pathnames.h
@@ -1,4 +1,5 @@
-/* * $OpenBSD: pathnames.h,v 1.2 1996/06/26 05:38:48 deraadt Exp $*/
+/* $OpenBSD: pathnames.h,v 1.3 2002/05/06 22:50:03 millert Exp $ */
+
/*
* Copyright (c) 1989 The Regents of the University of California.
* All rights reserved.
@@ -35,3 +36,4 @@
*/
#define _PATH_RLOGIN "/usr/bin/rlogin"
+#define _PATH_TELNET "/usr/bin/telnet"
diff --git a/usr.bin/rsh/rsh.1 b/usr.bin/rsh/rsh.1
index 14e0207a634..2a3cc23ead0 100644
--- a/usr.bin/rsh/rsh.1
+++ b/usr.bin/rsh/rsh.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: rsh.1,v 1.10 2001/06/23 23:15:37 hin Exp $
+.\" $OpenBSD: rsh.1,v 1.11 2002/05/06 22:50:03 millert Exp $
.\"
.\" Copyright (c) 1983, 1990 The Regents of the University of California.
.\" All rights reserved.
@@ -53,6 +53,14 @@ executes
on
.Ar hostname .
.Pp
+.Em Note:
+.Nm
+has been deprecated in favor of
+.Xr ssh 1 .
+Use of
+.Nm
+is discouraged due to the inherent insecurity of host-based authentication.
+.Pp
.Nm
copies its standard input to the remote command, the standard
output of the remote command to its standard output, and the
@@ -62,6 +70,12 @@ command;
.Nm
normally terminates when the remote command does.
.Pp
+.Nm
+first attempts to use the Kerberos authorization mechanism, described below.
+If the remote host does not support Kerberos the standard Berkeley
+.Pa rhosts
+authorization mechanism is used.
+.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl K
@@ -84,9 +98,6 @@ By default, the remote username is the same as the local username.
The
.Fl l
option allows the remote name to be specified.
-Kerberos authentication is used, and authorization is determined
-as in
-.Xr rlogin 1 .
.It Fl n
Redirect input from the special device
.Pa /dev/null
@@ -98,7 +109,10 @@ section of this manual page).
If no
.Ar command
is specified, you will be logged in on the remote host using
-.Xr rlogin 1 .
+.Nm rlogin
+if it exists on the system or
+.Xr telnet 1
+if not.
.Pp
If
.Nm
@@ -131,12 +145,33 @@ to
.\" directory /usr/hosts.
.\" If this directory is included in your search path, you can use the
.\" shorthand ``host command'' for the longer form ``rsh host command''.
+.Sh KERBEROS AUTHENTICATION
+If Kerberos is configured on the system, each user may have a private
+authorization list in the file
+.Pa .klogin
+in their home directory.
+Each line in this file should contain a Kerberos principal name of the form
+.Ar principal.instance@realm .
+If the originating user is authenticated to one of the principals named in
+.Pa .klogin ,
+access is granted to the account.
+The principal
+.Ar accountname.@localrealm
+is granted access if there is no
+.Pa .klogin
+file.
+Otherwise a login and password will be prompted for on the remote machine
+as in
+.Xr login 1 .
+To avoid certain security problems, the
+.Pa .klogin
+file must be owned by the remote user.
.Sh FILES
.Bl -tag -width /etc/hosts -compact
.It Pa /etc/hosts
.El
.Sh SEE ALSO
-.Xr rlogin 1 ,
+.Xr telnet 1 ,
.Xr kerberos 3 ,
.Xr krb_realmofhost 3 ,
.Xr krb_sendauth 3 ,
@@ -169,7 +204,7 @@ or
using
.Nm rsh ;
use
-.Xr rlogin 1
+.Xr telnet 1
instead.
.Pp
Stop signals stop the local
diff --git a/usr.bin/rsh/rsh.c b/usr.bin/rsh/rsh.c
index 64b3bf31b55..4e390b43049 100644
--- a/usr.bin/rsh/rsh.c
+++ b/usr.bin/rsh/rsh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsh.c,v 1.25 2002/02/19 19:39:39 millert Exp $ */
+/* $OpenBSD: rsh.c,v 1.26 2002/05/06 22:50:03 millert Exp $ */
/*-
* Copyright (c) 1983, 1990 The Regents of the University of California.
@@ -41,7 +41,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)rsh.c 5.24 (Berkeley) 7/1/91";*/
-static char rcsid[] = "$OpenBSD: rsh.c,v 1.25 2002/02/19 19:39:39 millert Exp $";
+static char rcsid[] = "$OpenBSD: rsh.c,v 1.26 2002/05/06 22:50:03 millert Exp $";
#endif /* not lint */
#include <sys/types.h>
@@ -173,14 +173,19 @@ main(argc, argv)
if (!host && !(host = argv[optind++]))
usage();
- /* if no further arguments, must have been called as rlogin. */
+ /* if no command, login to remote host via rlogin or telnet. */
if (!argv[optind]) {
- if (asrsh)
- *argv = "rlogin";
seteuid(getuid());
setuid(getuid());
+ if (asrsh)
+ *argv = "rlogin";
execv(_PATH_RLOGIN, argv);
- (void)fprintf(stderr, "rsh: can't exec %s.\n", _PATH_RLOGIN);
+ if (errno == ENOENT) {
+ if (asrsh)
+ *argv = "telnet";
+ execv(_PATH_TELNET, argv);
+ }
+ (void)fprintf(stderr, "rsh: can't exec %s.\n", _PATH_TELNET);
exit(1);
}
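Review bot: The final `fprintf` names `_PATH_TELNET` on every failure path, so when `execv(_PATH_RLOGIN, argv)` fails with anything other than ENOENT (EACCES, for instance), telnet was never attempted yet the message blames it. Track the path that was actually tried: `const char *path = _PATH_RLOGIN;` before the first exec, `path = _PATH_TELNET;` inside the `errno == ENOENT` branch, and print `path` in the message. The fallback is also silent, and it moves the user from rhosts/Kerberos authorization to a telnet login where a password is typed over an unencrypted channel; a one-line notice on stderr before the second `execv` would make that switch visible. Separately, the `seteuid(getuid())` and `setuid(getuid())` context lines ignore their return values, and both execs now depend on that privilege drop having succeeded, so it is worth checking them and exiting on failure. `main` begins and continues outside this hunk.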