HP-UX Reference (11i v2 03/08) - 1M System Administration Commands N-Z (vol 4)

rexecd(1M) rexecd(1M)
NAME
rexecd - remote execution server
SYNOPSIS
/usr/lbin/rexecd [-n] [-m] [-s] [-S]
DESCRIPTION
rexecd is the server for the rexec() routine, and the rexec_af() routine in case of IPv6 systems; it
expects to be started by the internet daemon (see inetd(1M)). rexecd provides remote execution
facilities with authentication based on user account names and unencrypted passwords.
inetd(1M) calls rexecd when a service request is received at the port indicated for the "exec" service
specification in /etc/services; see services(4). To run rexecd, the following line should be present
in /etc/inetd.conf:
exec stream tcp nowait root /usr/lbin/rexecd rexecd
The above configuration line will start rexecd in IPv4 mode. To run rexecd in IPv6 mode, the
following line must be present in the /etc/inetd.conf file:
exec stream tcp6 nowait root /usr/lbin/rexecd rexecd
Note: For IPv6 applications, the protocol tcp has to be changed to tcp6. See inetd.conf(4) for more
information.
Options
rexecd recognizes the following options.
-m With this option enabled, rexecd returns immediately after its child process is killed; it
does not wait for all of its sub child processes to die. As a result, rexec does not wait even
while the sub child processes are still running remotely, so rexec will not appear hung.
It is recommended that users do not use the -m option if they want rexecd to wait until the
completion of all the sub child processes. Otherwise, the user may not get the expected result. This
option is applicable only to rexec with a secondary socket connection.
-n Disable transport-level keep-alive messages. By default, the messages are enabled. The
keep-alive messages allow sessions to time out if the client crashes or becomes unreachable.
-s This option is used in multi-homed NIS systems. It disables rexecd from doing a reverse
lookup of the client’s IP address; see gethostbyname(3N) for more information. It can be used
to circumvent an NIS limitation with multi-homed hosts.
-S With this option, rexec disallows logging in as a superuser.
When a service request is received, the following protocol is initiated:
1. The server reads characters from the socket up to a null (\0) byte. The resultant string is
interpreted as an ASCII number, base 10.
2. If the number received in step 1 is non-zero, it is interpreted as the port number of a secondary
stream to be used for the stderr. A second connection is then created to the specified port on
the client’s host. If the first character sent is a null (\0), no secondary connection is made and
the stderr of the command is sent to the primary stream. If the secondary connection has
been made, rexecd interprets bytes it receives on that socket as signal numbers and passes
them to the command as signals (see signal(2)).
3. A null-terminated user name of not more than 16 characters is retrieved on the initial socket.
4. A null-terminated, unencrypted password of not more than 16 characters is retrieved on the
initial socket.
5. A null-terminated command to be passed to a shell is retrieved on the initial socket. The length
of the command is limited by the upper bound on the size of the system’s argument list.
6. rexecd then validates the user, as is done by login using PAM modules for authentication.
Refer to the login(1) manpage for more information. If the authentication succeeds, rexecd
changes to the user’s home directory and establishes the user and group protections of the user.
If any of these steps fail, rexecd returns a diagnostic message through the connection, then
closes the connection.
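
The preamble described in steps 1 to 5, as an added example that is not part of the HP-UX manual: a Python parser for the bytes a client sends on the primary stream, as a network monitor or test harness would decode them, showing that the user name, password and command travel in the clear. The names parse_preamble, RexecRequest and PreambleError and the sample bytes are constructed for illustration; the 16-character limit is assumed to exclude the null terminator.

```python
from dataclasses import dataclass, field

MAX_FIELD = 16  # page: user name and password are "not more than 16 characters"


class PreambleError(ValueError):
    """Raised when a byte stream does not follow the documented preamble."""


@dataclass
class RexecRequest:
    stderr_port: int                    # 0: stderr shares the primary stream
    user: str
    password: str = field(repr=False)   # keep the cleartext secret out of logs
    command: str = ""


def _take(buf: bytes, pos: int, what: str, limit=None):
    """Return (field, next_pos) for the NUL-terminated field starting at pos."""
    end = buf.find(b"\0", pos)
    if end == -1:
        raise PreambleError(f"{what}: missing NUL terminator")
    if limit is not None and end - pos > limit:
        raise PreambleError(f"{what}: longer than {limit} characters")
    return buf[pos:end], end + 1


def parse_preamble(buf: bytes) -> RexecRequest:
    """Parse steps 1-5 of the protocol from the bytes the client sent."""
    port_raw, pos = _take(buf, 0, "port")
    if port_raw and not port_raw.isdigit():
        raise PreambleError("port: not an ASCII base-10 number")
    port = int(port_raw) if port_raw else 0   # leading NUL: no secondary stream
    if port > 65535:
        raise PreambleError("port: out of range for a TCP port")
    user, pos = _take(buf, pos, "user", MAX_FIELD)
    password, pos = _take(buf, pos, "password", MAX_FIELD)
    command, pos = _take(buf, pos, "command")
    return RexecRequest(port, user.decode("latin-1"),
                        password.decode("latin-1"), command.decode("latin-1"))


# Constructed sample (not real traffic): stderr port 1022, then the three fields.
SAMPLE = b"1022\0alice\0example-pass\0uname -a\0"

if __name__ == "__main__":
    print(parse_preamble(SAMPLE))   # the password is omitted from the repr
```

Every field, including the password, is recoverable from the stream with nothing more than a split on null bytes, which is why the transport carrying this service needs its own confidentiality.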
HP-UX 11i Version 2: August 2003 1 Hewlett-Packard Company Section 1M675