HP-UX Reference (11i v2 07/12) - 1M System Administration Commands N-Z (vol 4)
remshd(1M) remshd(1M)
7. The server reads the server’s host account name from the first connection. This is a
null-terminated sequence not exceeding 16 characters.
8. The server reads a command to be passed to the shell from the first connection. The command
length is limited by the maximum size of the system’s argument list.
9. remshd then validates the user as follows (all actions take place on the host remshd runs on):
   a. It looks up the user account name (retrieved in step 6) in the password file. If it finds it, it
      performs a chdir() to either the user’s home directory, if there is one, or to "/."
   b. If either the lookup or chdir() fails, the connection is terminated (see chdir(2)).
   c. The connection is also terminated if
      • the account accessed is administratively locked. The account can be locked by entering
        a character in the password field that is not part of the set of digits (such as *). The
        characters used to represent "digits" are ‘.’ for 0, ‘/’ for 1, ‘0’ through ‘9’ for 2 through 11,
        ‘A’ through ‘Z’ for 12 through 37, and ‘a’ through ‘z’ for 38 through 63. (See also
        passwd(4)).
      • in a non-secure environment, the account accessed is protected by a password and
        either the password expired or the account on the client’s host is not equivalent to the
        account accessed.
      • in a secure environment, the command line options decide whether the connection is to be
        terminated.
        -K  if Kerberos authorization does not succeed the connection is terminated (see
            sis(5) for details on authorization).
        -R  if the client’s host is not equivalent to the account accessed, the connection is
            terminated.
        -r  if the account is not equivalent to the account accessed, then Kerberos
            authorization has to succeed or the connection is terminated.
        -k  if Kerberos authorization fails, then the account has to be equivalent or the
            connection is terminated. For more information on equivalent accounts, see
            hosts.equiv(4).
10. A null byte is returned on the primary connection and the command line is passed to the normal
login shell of the user with that shell’s -c option. The shell inherits the network connections
established by remshd and assumes the normal user and group permissions of the user.
remshd uses the following path when executing the specified command:
/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin
11. If a secondary socket has been set up, remshd normally exits when command standard error
and secondary socket standard error have both been closed. If no secondary socket was set up,
remshd has called an exec(2) function, launched the command process, and is no longer present.
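The lock test in step 9c can be checked offline against a copy of the password file. The following is an added example, not code from this manual page or from HP-UX: the function names are hypothetical, the sample entries and their password strings are constructed, and treating text after a comma as password-aging data is an assumption taken from passwd(4) rather than from this page.

```python
import string

# The 64 "digits" of step 9c in value order:
# '.'=0, '/'=1, '0'-'9'=2-11, 'A'-'Z'=12-37, 'a'-'z'=38-63
DIGITS = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase

def digit_value(ch):
    """Return the 0-63 value of one password "digit", or None if outside the set."""
    i = DIGITS.find(ch)
    return i if len(ch) == 1 and i >= 0 else None

def classify(pw_field):
    """Classify a password field as 'no-password', 'locked' or 'password'."""
    # Assumption (passwd(4), not this page): aging data follows the first comma.
    hash_part = pw_field.split(",", 1)[0]
    if hash_part == "":
        return "no-password"
    if any(digit_value(c) is None for c in hash_part):
        return "locked"      # step 9c: a character outside the digit set
    return "password"

def audit(passwd_text):
    """Map each account name in passwd-format text to its classification."""
    results = {}
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            results[fields[0]] = "malformed"   # do not guess at broken entries
            continue
        results[fields[0]] = classify(fields[1])
    return results

# Constructed sample entries; the password strings are made up, not real hashes.
SAMPLE = """\
root:Ab3./xYz09QwE:0:3::/:/sbin/sh
backup:*:9:9::/home/backup:/usr/bin/sh
oper:fG7hJk2LmN0pQ,2.:101:20::/home/oper:/usr/bin/sh
guest::102:20::/home/guest:/usr/bin/sh
svc:*LK*:103:20::/home/svc:/usr/bin/false
"""

if __name__ == "__main__":
    for user, status in audit(SAMPLE).items():
        print(f"{user:8} {status}")
```

Where the real hashes are kept outside the password file, the field read here is only a placeholder, so run the check against the file that actually holds the hash.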
SECURITY FEATURES
For detailed information on all the configuration parameters that affect remshd, refer to the security(4)
man page. remshd supports the following configuration parameters in the /etc/default/security
file:
• NOLOGIN
• UMASK
DIAGNOSTICS
All diagnostic messages are returned on the connection associated with standard error after which any
network connections are closed. An error is indicated by a leading byte with a value of 1 (0 is returned in step
9 above upon successful completion of all the steps before the command execution).
Malformed from address
The first socket connection does not use a reserved port or the client’s host address is not an Internet
address.
HP-UX 11i Version 2: December 2007 Update − 3 − Hewlett-Packard Company 225