iucvtty(8) | IUCV terminal applications | iucvtty(8) |
iucvtty - allow remote logins over z/VM IUCV
iucvtty [-h|--help]
iucvtty [-v|--version]
iucvtty [-a|--allow-from regex] terminal_id
[-- login_program [login_options]]
The iucvtty application provides full-screen terminal access to a Linux instance running as a z/VM guest operating system. The iucvconn application is used to connect to a running iucvtty instance.
The terminal connection is based on the z/VM Inter-User Communication Vehicle (IUCV). z/VM IUCV establishes a communication path between two z/VM guest virtual machines on the same z/VM instance. Because z/VM IUCV is independent from TCP/IP, Linux instances with no external network can be accessed.
terminal_id identifies the z/VM IUCV connection and is similar to a port number in TCP/IP communications. terminal_id is case-sensitive and consists of up to 8 alphanumeric characters. It must be specified as a parameter in connection requests against a iucvtty instance.
When a connection is established, iucvtty starts a login program. When the login program ends, iucvtty also exits. Consider an inittab(5) entry to ensure that iucvtty is restarted and ready for the next terminal session.
To allow remote logins using the terminal identifier "lnxterm":
iucvtty lnxterm
To only allow users from LNXSYS01 to connect to terminal "lnxterm":
iucvtty -a LNXSYS01 lnxterm
To only allow users from LNXSYS10 through LNXSYS19 to connect to terminal "lnxterm":
iucvtty -a "LNXSYS1[0-9]" lnxterm
To use /sbin/sulogin instead of /bin/login for terminal "suterm":
iucvtty suterm -- /sbin/sulogin
An entry in /etc/inittab to facilitate user logins on terminal "lnxterm" with /bin/login could be:
t1:2345:respawn:/sbin/iucvtty lnxterm
An entry in /etc/inittab to facilitate user logins on terminal "suterm" with /sbin/sulogin in single user mode could be:
s1:S:respawn:/sbin/iucvtty suterm -- /sbin/sulogin
If the Linux kernel does not include kernel support for the AF_IUCV network addressing family, iucvtty exits and displays the message 'AF_IUCV address family is not available: Address family not supported by protocol'.
The iucvtty program can be used by regular users. Depending on the particular login program, iucvtty must be started with superuser privileges for user authentication and authorization. For instance, /bin/login requires superuser privileges and, thus, regular users must use a different login program.
Each connection attempt is logged to the authpriv syslog facility.
iucvtty uses pseudo-terminal (pts) devices to communicate with the login program. For security reasons, some login programs, like /bin/login, do not permit root logins on pseudo-terminal devices (see also /etc/securetty(5)).
To permit root logins, consider using HVC terminal devices that are provided by the z/VM IUCV hypervisor console (HVC) device driver.
See the af_iucv(7) manual page for details about IUCV authorizations.
iucvconn(1), login(1), pts(4), regex(7), securetty(5), af_iucv(7), hvc_iucv(9)
March 2009 | s390-tools |