.\" Things to fix:
.\"   * remove Op from mandatory flags
.\"   * use better macros for arguments (like .Pa for files)
.\"
.Dd July 31, 2001
.Dt RSHD 8
.Os HEIMDAL
.Sh NAME
.Nm rshd
.Nd
remote shell server
.Sh SYNOPSIS
.Nm
.Op Fl aiklnvxPL
.Op Fl p Ar port
.Sh DESCRIPTION
.Nm
is the server for
the
.Xr rsh 1
program. It provides an authenticated remote command execution
service.  Supported options are:
.Bl -tag -width Ds
.It Xo
.Fl n Ns ,
.Fl -no-keepalive
.Xc
Disables keep-alive messages. Keep-alives are packets sent a certain
interval to make sure that the client is still there, even when it
doesn't send any data.
.It Xo
.Fl k Ns ,
.Fl -kerberos
.Xc
Assume that clients connecting to this server will use some form of
Kerberos authentication. See the
.Sx EXAMPLES
section for a sample 
.Xr inetd.conf 5 
configuration.
.It Xo
.Fl x Ns ,
.Fl -encrypt
.Xc
For Kerberos 4 this means that the connections are encrypted. Kerberos
5 will negotiate encryption inline. This option implies
.Fl k .
.\".It Xo
.\".Fl l Ns ,
.\".Fl -no-rhosts
.\".Xc
.\"When using old port-based authentication, the user's
.\".Pa .rhosts
.\"files are normally checked. This options disables this.
.It Xo
.Fl v Ns ,
.Fl -vacuous
.Xc
If the connecting client does not use any Kerberised authentication,
print a message that complains about this fact, and exit. This is
helpful if you want to move away from old port-based authentication.
.It Xo
.Fl P
.Xc
When using the AFS filesystem, users' authentication tokens are put in
something called a PAG (Process Authentication Group). Multiple
processes can share a PAG, but normally each login session has its own
PAG. This option disables the
.Fn setpag
call, so all tokens will be put in the default (uid-based) PAG, making
it possible to share tokens between sessions. This is only useful in
peculiar environments, such as some batch systems.
.It Xo
.Fl i Ns ,
.Fl -no-inetd
.Xc
The 
.Fl i 
option will cause
.Nm 
to create a socket, instead of assuming that its stdin came from 
.Xr inetd 8 .
This is mostly useful for debugging.
.It Xo
.Fl p Ar port Ns ,
.Fl -port= Ns Ar port
.Xc
Port to use with 
.Fl i .
.It Xo
.Fl a
.Xc
This flag is for backwards compatibility only.
.It Xo
.Fl L
.Xc
This flag enables logging of connections to
.Xr syslogd 8 . 
This option is always on in this implementation.
.El
.\".Sh ENVIRONMENT
.Sh FILES
.Bl -tag -width /etc/hosts.equiv -compact
.It Pa /etc/hosts.equiv
.It Pa ~/.rhosts
.El
.Sh EXAMPLES
The following can be used to enable Kerberised rsh in
.Xr inetd.cond 5 , 
while disabling non-Kerberised connections:
.Bd -literal
shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx
.Ed
.\".Sh DIAGNOSTICS
.Sh SEE ALSO
.Xr rsh 1 ,
.Xr iruserok 3
.\".Sh STANDARDS
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .
.Sh AUTHORS
This implementation of
.Nm
was written as part of the Heimdal Kerberos 5 implementation.
.\".Sh BUGS