HP-UX Reference (11i v2 03/08) - 1M System Administration Commands N-Z (vol 4)

remshd(1M) remshd(1M)
-s This option is used in multi-homed NIS systems. It disables remshd from doing a reverse
lookup of the client’s IP address; see gethostbyname(3N). It can be used to circumvent an NIS
limitation with multi-homed hosts.
In a secure environment, remshd will recognize the following additional options:
-c Ignore checksum verification. This option is used to achieve interoperability between clients
and servers using different checksum calculation methods. For example, the checksum calculation
in an application developed with Kerberos V5 Beta 4 API is different from the calculation
in a Kerberos V5-1.0 application.
-K Authorization based on Kerberos V5 must succeed or access will be rejected (see sis(5) for
details on authorization).
-R Authentication based on privileged port numbers and authorization of the remote user through
equivalent accounts must succeed. For more information on equivalent accounts, see hosts.equiv(4).
-r Either one of the following must succeed. The order in which the authorization checks are
done is as specified below.
1. Authentication based on privileged port numbers and authorization of the remote user
through equivalent accounts (see hosts.equiv(4)).
2. Authorization based on Kerberos V5.
-k Either one of the following must succeed. The order in which the authorization checks are
done is as specified below.
1. Authorization based on Kerberos V5.
2. Authentication based on privileged port numbers and authorization of the remote user
through equivalent accounts.
Note: The -k option is ignored when used with -K, and the -r option is ignored when used
with -R. The default option is -K.
Operation
When remshd receives a service request, it responds with the following protocol:
1. The server checks the client’s source port. If the port is not a privileged port (that is, not
in the range 512 through 1023) and remshd is operating in a non-secure environment, the connection
is terminated. In a secure environment, the action taken depends on the command line options:
-R The source port must be a privileged port; otherwise the connection is terminated.
-r If the source port is not a privileged port then authorization based on Kerberos must
succeed or the connection is terminated.
-k The source port must be a privileged port if Kerberos authorization fails.
-K No action is taken.
2. The server reads characters from the connection up to a null (\0) byte. It interprets the
resulting string as an ASCII number, base 10.
3. If the number is non-zero, it is interpreted as the port number of a secondary stream to be
used for standard error. A second connection is then created to the specified port on the
client’s host. (The source port of this second connection will also be checked as specified in
item 1.) If the first character sent is a null (\0), no secondary connection is made, and the
standard error from the command is sent to the primary stream. If the secondary connection
has been made, remshd interprets bytes it receives on that socket as signal numbers and
passes them to the command as signals. See signal(2).
4. The server checks the client’s source address and requests the corresponding host name (see
named(1M), gethostbyaddr(3N), and hosts(4)). If it cannot determine the hostname, it uses
the dot-notation representation of the host address.
5. In a secure environment, remshd performs authentication based on Kerberos V5. See sis(5)
for details.
6. The server reads the client’s host account name from the first connection. This is a
null-terminated sequence not exceeding 16 characters.
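The source-port decision of step 1 and the bounded parsing of the fields in steps 2, 3 and 6, as an added example that is not HP code and not part of the original reference page. The function names, the mode strings, the 5-digit bound on the port field and the 65535 upper limit are assumptions of this example.

```python
"""Server-side checks from steps 1-3 and 6 of the remshd protocol (added example)."""

PRIV_LO, PRIV_HI = 512, 1023   # privileged range as stated in step 1
MAX_USER = 16                  # step 6: account name length limit


class HandshakeError(ValueError):
    """Raised when the client preamble violates the limits described above."""


def source_port_ok(port, mode="nonsecure", kerberos_ok=False):
    """Step 1. mode is 'nonsecure' or one of the options 'R', 'r', 'k', 'K'."""
    privileged = PRIV_LO <= port <= PRIV_HI
    if mode in ("nonsecure", "R"):
        return privileged                  # unprivileged port: terminate
    if mode in ("r", "k"):
        return privileged or kerberos_ok   # Kerberos may stand in for the port
    if mode == "K":
        return True                        # "No action is taken"
    raise ValueError("unknown mode: %r" % (mode,))


def _field(buf, pos, limit, name):
    """Return (bytes before the next NUL, offset after it); at most limit bytes."""
    end = buf.find(b"\0", pos, pos + limit + 1)
    if end < 0:
        raise HandshakeError("%s: no NUL within %d bytes" % (name, limit))
    return buf[pos:end], end + 1


def parse_preamble(buf):
    """Steps 2, 3 and 6: stderr port field, then the client account name."""
    raw, pos = _field(buf, 0, 5, "stderr port")   # assumption: 65535 has 5 digits
    if raw and not raw.isdigit():
        raise HandshakeError("stderr port is not an ASCII base-10 number")
    port = int(raw) if raw else 0                 # leading NUL: no second stream
    if port > 65535:                              # assumption: valid TCP port only
        raise HandshakeError("stderr port out of range")
    user, pos = _field(buf, pos, MAX_USER, "client account name")
    return {"stderr_port": port,
            "client_user": user.decode("ascii", "replace"),
            "consumed": pos}


if __name__ == "__main__":
    sample = b"1022\0alice\0"   # constructed preamble, not a captured session
    print(source_port_ok(1023), parse_preamble(sample))
```

Bounding each read before searching for the terminator keeps an over-long or unterminated field from being buffered without limit.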
HP-UX 11i Version 2: August 2003 2 Hewlett-Packard Company Section 1M663