HP-UX Reference (11i v1 05/09) - 1M System Administration Commands N-Z (vol 4)

remshd(1M) remshd(1M)
4. The server checks the client’s source address and requests the corresponding host name (see
named(1M), gethostbyaddr(3N), and hosts(4)). If it cannot determine the hostname, it uses the
dot-notation representation of the host address.
5. In a secure environment, remshd performs authentication based on Kerberos V5. See sis(5) for details.
6. The server reads the client’s host account name from the first connection. This is a null-terminated sequence not exceeding 16 characters.
7. The server reads the server’s host account name from the first connection. This is a null-terminated sequence not exceeding 16 characters.
8. The server reads a command to be passed to the shell from the first connection. The command
length is limited by the maximum size of the system’s argument list.
9. remshd then validates the user as follows (all actions take place on the host remshd runs on):
   a. It looks up the user account name (retrieved in step 6) in the password file. If it finds it, it performs a chdir() to either the user’s home directory, if there is one, or to "/".
   b. If either the lookup or chdir() fails, the connection is terminated (see chdir(2)).
   c. The connection is also terminated if
      • the account accessed is administratively locked. The account can be locked by entering a character in the password field that is not part of the set of digits (such as *). The characters used to represent "digits" are . for 0, / for 1, 0 through 9 for 2 through 11, A through Z for 12 through 37, and a through z for 38 through 63. (See also passwd(4)).
      • in a non-secure environment, the account accessed is protected by a password and either the password expired or the account on the client’s host is not equivalent to the account accessed.
      • in a secure environment, the command line options decide whether connection is to be terminated.
         -K  if Kerberos authorization does not succeed the connection is terminated (see sis(5) for details on authorization).
         -R  if the client’s host is not equivalent to the account accessed, the connection is terminated.
         -r  if the account is not equivalent to the account accessed, then Kerberos authorization has to succeed or the connection is terminated.
         -k  if Kerberos authorization fails, then the account has to be equivalent or the connection is terminated. For more information on equivalent accounts, see hosts.equiv(4).
10. A null byte is returned on the primary connection and the command line is passed to the normal
login shell of the user with that shell’s -c option. The shell inherits the network connections
established by remshd and assumes the normal user and group permissions of the user.
remshd uses the following path when executing the specified command:
/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin
11. If a secondary socket has been set up, remshd normally exits when command standard error
and secondary socket standard error have both been closed. If no secondary socket was set up,
remshd has called an exec(2) function, launched the command process, and is no longer present.
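
The three fields read in steps 6 through 8 can be parsed with their bounds enforced as in the following added example, which is not HP's remshd source. All names are hypothetical; it assumes the 16-character limit excludes the terminating null and uses a caller-supplied cmd_max as a stand-in for the system's argument-list limit.

```c
#include <stddef.h>
#include <string.h>

#define RSH_NAME_MAX 16   /* limit stated in steps 6 and 7 (assumed to exclude the null) */

/* Hypothetical container for the three fields of steps 6-8. */
struct rsh_request {
    char client_user[RSH_NAME_MAX + 1];
    char server_user[RSH_NAME_MAX + 1];
    const char *command;   /* points into the caller's buffer */
};

/* Copy one null-terminated field of at most max characters from buf[*off..len).
 * Returns 0 on success, -1 if the terminator is missing or the field is too long. */
static int read_field(const unsigned char *buf, size_t len, size_t *off,
                      char *dst, size_t max)
{
    const unsigned char *start = buf + *off;
    const unsigned char *nul = memchr(start, '\0', len - *off);
    if (nul == NULL || (size_t)(nul - start) > max)
        return -1;
    memcpy(dst, start, (size_t)(nul - start) + 1);   /* includes the null */
    *off += (size_t)(nul - start) + 1;
    return 0;
}

/* Parse "client-user\0server-user\0command\0" as received on the first
 * connection. Returns 0 on success, -1 on a malformed or oversized request. */
int parse_rsh_request(const unsigned char *buf, size_t len, size_t cmd_max,
                      struct rsh_request *req)
{
    size_t off = 0;
    const unsigned char *nul;

    if (read_field(buf, len, &off, req->client_user, RSH_NAME_MAX) != 0 ||
        read_field(buf, len, &off, req->server_user, RSH_NAME_MAX) != 0)
        return -1;
    /* The command must also be terminated inside the received data. */
    nul = memchr(buf + off, '\0', len - off);
    if (nul == NULL || (size_t)(nul - (buf + off)) > cmd_max)
        return -1;
    req->command = (const char *)(buf + off);
    return 0;
}
```

Rejecting a request whose name fields are unterminated or longer than the limit before any password-file lookup keeps the fixed-size buffers from being overrun by a client that ignores the protocol.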
DIAGNOSTICS
All diagnostic messages are returned on the connection associated with standard error after which any network connections are closed. An error is indicated by a leading byte with a value of 1 (0 is returned in step 9 above upon successful completion of all the steps before the command execution).
Malformed from address
The first socket connection does not use a reserved port or the client’s host address is not an Internet
address.
HP-UX 11i Version 1: September 2005, Hewlett-Packard Company