HP-UX Remote Access Services Administrator's Guide

Secure Environment Authentication
In a Kerberos V5 network authentication environment, rlogin uses the Kerberos V5
protocol to authenticate the connection to a remote host. If the authentication is
successful, user authorization is performed according to the rlogind command-line
options (that is, -K, -R, -k, or -r). You do not require a password to log in to a remote
host in a Kerberos authentication environment. The Kerberos protocol is responsible
for authenticating the remote connection. In a Kerberos environment, a password,
which is confidential information, is not sent over the network for authentication. This
is one of the advantages of a secure environment. For more information on Kerberos
authentication and authorization, type man 5 sis (the Secure Internet Services
manpage) or man 1M rlogind at the HP-UX prompt.
Kerberos-Specific Options
You can set the default Kerberos options in the configuration file /etc/krb5.conf.
You can set the -f and -F options with the tag names forward and forwardable,
respectively, and set the fallback option within the appdefaults section in the
krb5.conf file. If you set the fallback option to true and the Kerberos authentication
fails, rlogin uses the non-secure mode for authentication. The -f and -F options are
mutually exclusive. For more information, type man 4 krb5.conf at the HP-UX
prompt.
For more information on rlogin, type man 1 rlogin at the HP-UX prompt.
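The following check is an added example, not part of the HP guide. It scans a krb5.conf-style file for fallback set to true in the appdefaults section, which lets rlogin drop to the non-secure mode when Kerberos authentication fails, and for scopes that enable both forward and forwardable. The MIT-style sub-block layout, the accepted boolean spellings, and the names audit_appdefaults and write_sample are assumptions.

```shell
#!/bin/sh
# Added example (not HP code). Assumes MIT-style krb5.conf syntax:
# "[section]" headers, "app = { ... }" sub-blocks, "tag = value" lines.

audit_appdefaults() {   # $1 = file to inspect; returns 1 if findings
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Boolean spellings MIT krb5 treats as true (assumed for HP-UX too).
    function yes(v) { return tolower(v) ~ /^(y|yes|t|true|1|on)$/ }
    /^[ \t]*[#;]/ { next }                      # skip comments
    /^[ \t]*\[/   { inapp = (trim($0) == "[appdefaults]"); scope = "global"; next }
    !inapp        { next }                      # ignore other sections
    /^[ \t]*[}]/  { scope = "global"; next }    # end of per-app block
    index($0, "=") {
        key = trim(substr($0, 1, index($0, "=") - 1))
        val = trim(substr($0, index($0, "=") + 1))
        if (val == "{") { scope = key; next }   # start of per-app block
        if (key == "fallback" && yes(val)) { print "FALLBACK " scope; bad = 1 }
        if (key == "forward" && yes(val))     fwd[scope] = 1
        if (key == "forwardable" && yes(val)) fwdable[scope] = 1
    }
    END {
        # -f and -F are mutually exclusive, so flag scopes enabling both tags.
        for (s in fwd) if (s in fwdable) { print "CONFLICT " s; bad = 1 }
        exit bad + 0
    }' "$1"
}

write_sample() {        # constructed sample config, written to $1
    cat > "$1" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.COM
    fallback = true
[appdefaults]
    forwardable = true
    rlogin = {
        forward = true
        forwardable = true
        fallback = true
    }
EOF
}

sample=${TMPDIR:-/tmp}/krb5.sample.$$
write_sample "$sample"
audit_appdefaults "$sample" || echo "review [appdefaults] in $sample"
rm -f "$sample"
```

The fallback line under libdefaults in the constructed sample is ignored on purpose, because only the appdefaults section is inspected.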
The rlogind Program
rlogind is the server for the rlogin program. It provides a remote login facility with
the following authentication methods:
• Authentication based on privileged port numbers, where the client’s source port
  must be in the range 512 through 1023. In this case, rlogind operates in the
  traditional, or non-secure, environment.
• Authentication based on Kerberos V5. In this case, rlogind operates in a Kerberos
  V5 network authentication environment, that is, in a secure environment.
The inetd daemon invokes rlogind when a service request is received at ports
indicated by the login or klogin services. These services are specified in the
/etc/services file. For more information, type man 1M inetd or man 4 services
at the HP-UX prompt. Service requests arriving at the klogin port are in a secure
environment and Kerberos V5 handles the authentication of services.
Starting rlogind
To start rlogind from the inetd daemon in the IPv4 mode, perform the following
action:
In a non-secure environment, you must add the following entry to the
/etc/inetd.conf configuration file: