NFS Services Administrator's Guide
Configuring and Using the Remote Execution Facility (REX)
Configuring REX
Chapter 7 285
To Configure REX Security
1. On each REX server, add the -r option to the line in
/etc/inetd.conf that starts the rexd daemon, as follows:
rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 \
rpc.rexd -r
2. Issue the following command to force inetd to reread
/etc/inetd.conf:
/usr/sbin/inetd -c
3. Add lines to the /etc/hosts.equiv file on the REX server to allow
REX clients to use the server,
or
have each REX user add lines to a .rhosts file in the user’s home
directory on the REX server to allow access from REX clients.
The -r option causes rexd to deny requests from a user on a REX client
unless the client is listed in /etc/hosts.equiv or the user’s
$HOME/.rhosts file on the REX server.
A line in the /etc/hosts.equiv or $HOME/.rhosts file has the following
syntax:
hostname [username]
For example, if user paula has accounts on REX clients broccoli and
cabbage and on REX server cauliflower, she would create a .rhosts
file in her home directory on cauliflower with the following lines:
broccoli paula
cabbage paula
CAUTION The /etc/hosts.equiv and $HOME/.rhosts files create a significant
security risk. Make sure these files and users’ home directories are
writable only by the owner.
For more information, see the man pages for rexd(1M) and
hosts.equiv(4).