HP-UX Reference (11i v1 05/09) - 1M System Administration Commands N-Z (vol 4)

rexecd(1M) rexecd(1M)
NAME
rexecd - remote execution server
SYNOPSIS
/usr/lbin/rexecd [-n] [-m] [-s] [-t]
DESCRIPTION
rexecd is the server for the rexec() routine, and for the rexec_af() routine on IPv6 systems; it expects to be started by the internet daemon (see inetd(1M)). rexecd provides remote execution facilities with authentication based on user account names and unencrypted passwords.

inetd(1M) calls rexecd when a service request is received at the port indicated for the "exec" service specification in /etc/services; see services(4). To run rexecd, the following line should be present in /etc/inetd.conf:

    exec stream tcp nowait root /usr/lbin/rexecd rexecd

The above configuration line will start rexecd in IPv4 mode. To run rexecd in IPv6 mode, the following line must be present in the /etc/inetd.conf file:

    exec stream tcp6 nowait root /usr/lbin/rexecd rexecd

Note: For IPv6 applications, the protocol tcp has to be changed to tcp6. See inetd.conf(4) for more information.
Options:
rexecd recognizes the following options.

-m  With this option enabled, rexecd returns immediately after its child process gets killed; it does not wait for all its sub child processes to die. This in turn causes rexec not to wait even when the sub child processes are running remotely. As a result, rexec will not appear hung. Users who want rexecd to wait until the completion of all the sub child processes should not use the -m option; otherwise, they may not get the expected result. This option is applicable only to rexec with a secondary socket connection.

-n  Disable transport-level keep-alive messages. By default, the messages are enabled. The keep-alive messages allow sessions to time out if the client crashes or becomes unreachable.

-s  This option is used in multi-homed NIS systems. It prevents rexecd from doing a reverse lookup of the client's IP address; see gethostbyname(3N) for more information. It can be used to circumvent an NIS limitation with multi-homed hosts.

-t  This option prevents rexecd from logging client connections to the /var/adm/wtmp file when the client does not use a secondary stream. Examples of clients which do not use a secondary stream include HP-UX's rcp and rdist.
When a service request is received, the following protocol is initiated:

1. The server reads characters from the socket up to a null (\0) byte. The resultant string is interpreted as an ASCII number, base 10.
2. If the number received in step 1 is non-zero, it is interpreted as the port number of a secondary stream to be used for the stderr. A second connection is then created to the specified port on the client's host. If the first character sent is a null (\0), no secondary connection is made and the stderr of the command is sent to the primary stream. If the secondary connection has been made, rexecd interprets bytes it receives on that socket as signal numbers and passes them to the command as signals (see signal(2)).
3. A null-terminated user name of not more than 16 characters is retrieved on the initial socket.
4. A null-terminated, unencrypted password of not more than 16 characters is retrieved on the initial socket.
5. A null-terminated command to be passed to a shell is retrieved on the initial socket. The length of the command is limited by the upper bound on the size of the system's argument list.
6. rexecd then validates the user, as is done by login using PAM modules for authentication. Refer to the login(1) manpage for more information. If the authentication succeeds, rexecd changes to the user's home directory and establishes the user and group protections of the user. If any of these steps fail, rexecd returns a diagnostic message through the connection, then
Section 1M756 Hewlett-Packard Company 1 HP-UX 11i Version 1: September 2005
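
The bytes a client sends in steps 1 to 5 of the protocol above can be parsed from a captured primary stream to confirm that credentials cross the network unencrypted. The following is an added example, not part of the HP-UX manual or of rexecd; the function names and the sample bytes (user, password, commands) are constructed for illustration, and the parser reports only the password's length, never its value.

```python
# Added example (not from the HP-UX manual): parse the opening bytes a client
# sends on the rexecd primary stream, following steps 1-5 of the man page.
MAX_FIELD = 16  # limit the man page states for user name and password


class HandshakeError(ValueError):
    """The captured bytes do not follow the documented handshake."""


def _take_field(buf, offset, name):
    # Every field is terminated by a null byte.
    end = buf.find(b"\0", offset)
    if end == -1:
        raise HandshakeError(f"{name}: missing null terminator")
    return buf[offset:end], end + 1


def parse_rexec_handshake(buf):
    """Summarise a handshake; the password value itself is never returned."""
    port_raw, off = _take_field(buf, 0, "port")
    # Steps 1-2: ASCII base-10 number; empty or zero means no secondary stream.
    if port_raw and not port_raw.isdigit():
        raise HandshakeError("port: not an ASCII base-10 number")
    port = int(port_raw) if port_raw else 0
    if port > 65535:
        raise HandshakeError("port: out of range")
    user, off = _take_field(buf, off, "user")          # step 3
    password, off = _take_field(buf, off, "password")  # step 4
    command, off = _take_field(buf, off, "command")    # step 5
    for name, value in (("user", user), ("password", password)):
        if len(value) > MAX_FIELD:
            raise HandshakeError(f"{name}: longer than {MAX_FIELD} characters")
    return {
        "stderr_port": port or None,
        "user": user.decode("ascii", "replace"),
        "password_len": len(password),
        "cleartext_password_seen": bool(password),
        "command": command.decode("ascii", "replace"),
    }


# Constructed sample bytes (hypothetical user, password and commands).
WITH_STDERR = b"1022\0alice\0example-pass\0uname -a\0"
NO_STDERR = b"\0alice\0example-pass\0ls\0"

if __name__ == "__main__":
    for capture in (WITH_STDERR, NO_STDERR):
        print(parse_rexec_handshake(capture))
```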