Manualshelf

HP-UX Reference (11i v1 00/12) - 1M System Administration Commands N-Z (vol 4)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals
211212213214215216217218219220
__________________________________________________________________________________________________________________________________________________________________________________________________
__________________________________________________________________________________________________________________________________________________________________________________________________
STANDARD Printed by: Nora Chuang [nchuang] STANDARD
/build/1111/BRICK/man1m/naaagt.1m
________________________________________________________________
___ ___
r
rexecd(1M) rexecd(1M)
NAME
rexecd - remote execution server
SYNOPSIS
/usr/lbin/rexecd [-n ][-s ]
DESCRIPTION
rexecd is the server for the rexec(3N) routine; it expects to be started by the internet daemon (see
inetd(1M)). rexecd provides remote execution facilities with authentication based on user account names
and unencrypted passwords.
inetd(1M) calls rexecd when a service request is received at the port indicated for the ‘‘exec’’ service
specification in /etc/services; see services(4). To run rexecd, the following line should be present in
/etc/inetd.conf:
exec stream tcp nowait root /usr/lbin/rexecd rexecd
See inetd.conf(4) for more information.
Options:
rexecd recognizes the following options.
-n Disable transport-level keep-alive messages. By default, the messages are enabled. The keep-
alive messages allow sessions to time out if the client crashes or becomes unreachable.
-s This option is used in multi-homed NIS systems. It disables remshd from doing a reverse
lookup of the client’s IP address; see gethostbyname(3N) for more information. It can be used to
circumvent an NIS limitation with multi-homed hosts.
When a service request is received, the following protocol is initiated:
1. The server reads characters from the socket up to a null (
\0) byte. The resultant string is inter-
preted as an ASCII number, base 10.
2. If the number received in step 1 is non-zero, it is interpreted as the port number of a secondary
stream to be used for the
stderr. A second connection is then created to the specified port on
the client’s host. If the first character sent is a null (\0), no secondary connection is made and
the
stderr of the command is sent to the primary stream. If the secondary connection has been
made, rexecd interprets bytes it receives on that socket as signal numbers and passes them to
the command as signals (see signal(2)).
3. A null-terminated user name of not more than 16 characters is retrieved on the initial socket.
4. A null-terminated, unencrypted, password of not more than 16 characters is retrieved on the ini-
tial socket.
5. A null-terminated command to be passed to a shell is retrieved on the initial socket. The length
of the command is limited by the upper bound on the size of the system’s argument list.
6. rexecd then validates the user as is done by login (see login(1)). But it does not use any PAM
modules of login for authentication. If the authentication succeeds, rexecd changes to the
user’s home directory and establishes the user and group protections of the user. If any of these
steps fail, rexecd returns a diagnostic message through the connection, then closes the connec-
tion.
7. A null byte is returned on the connection associated with stderr and the command line is
passed to the normal login shell of the user with that shell’s -c option. The shell inherits the net-
work connections established by
rexecd.
rexecd uses the following path when executing the specified command:
/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin
Transport-level keepalive messages are enabled unless the -n option is present. The use of keepalive mes-
sages allows sessions to be timed out if the client crashes or becomes unreachable.
DIAGNOSTICS
All diagnostic messages are returned on the connection associated with the stderr, after which any net-
work connections are closed. An error is indicated by a leading byte with a value of 1 (0 is returned in step
7 above upon successful completion of all the steps prior to the command execution).
Section 1M712 1 HP-UX Release 11i: December 2000
___
___