HP-UX Reference (11i v2 03/08) - 1M System Administration Commands N-Z (vol 4)
r
remshd(1M) remshd(1M)
7. The server reads the server’s host account name from the first connection. This is a null-
terminated sequence not exceeding 16 characters.
8. The server reads a command to be passed to the shell from the first connection. The command
length is limited by the maximum size of the system’s argument list.
9.
remshd then validates the user as follows (all actions take place on the host
remshd runs
on):
a. It looks up the user account name (retrieved in step 6) in the password file. If it finds it,
it performs a
chdir() to either the user’s home directory, if there is one, or to "/."
b. If either the lookup or
chdir() fails, the connection is terminated (see chdir(2)).
c. The connection is also terminated if
• the account accessed is administratively locked. The account can be locked by enter-
ing a character in the password field that is not part of the set of digits (such as *).
The characters used to represent "digits" are ‘.’ for 0, / for 1, 0 through 9 for 2
through 11, ‘A through Z’ for 12 through 37, and ‘a through z’ for 38 through 63.
(See also passwd(4)).
• in a non-secure environment, the account accessed is protected by a password and,
either the password expired or the account on the client’s host is not equivalent to
the account accessed.
• in a secure environment, the command line options decide whether connection is to
be terminated.
-K if Kerberos authorization does not succeed the connection is terminated (see
sis(5) for details on authorization).
-R if the client’s host is not equivalent to the account accessed, the connection is
terminated.
-r if the account is not equivalent to the account accessed, then Kerberos authori-
zation has to succeed or the connection is terminated.
-k if Kerberos authorization fails, then the account has to be equivalent or the
connection is terminated. For more information on equivalent accounts, see
hosts.equiv (4).
10. A null byte is returned on the primary connection and the command line is passed to the nor-
mal login shell of the user with that shell’s
-c
option. The shell inherits the network connec-
tions established by
remshd and assumes the normal user and group permissions of the user.
remshd uses the following path when executing the specified command:
/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin
11. If a secondary socket has been set up, remshd normally exits when command standard error
and secondary socket standard error have both been closed. If no secondary socket was set up,
remshd has called an exec(2) function, launched the command process, and is no longer
present.
DIAGNOSTICS
All diagnostic messages are returned on the connection associated with standard error after which any
network connections are closed. An error is indicated by a leading byte with a value of 1 (0 is returned in
step 9 above upon successful completion of all the steps before the command execution).
Malformed from address
The first socket connection does not use a reserved port or the client’s host address is not an Internet
address.
Can’t get stderr port
Unable to complete the connection of the secondary socket used for error communication.
Second port not reserved
The secondary socket connection does not use a reserved port.
Section 1M−−664 Hewlett-Packard Company − 3 − HP-UX 11i Version 2: August 2003