rexecd.1m (2010 09)
r
rexecd(1M) rexecd(1M)
NAME
rexecd - remote execution server
SYNOPSIS
/usr/lbin/rexecd
[ -n ][-m ][
-s ][-S ]
DESCRIPTION
rexecd is the server for the rexec()
routine, and the rexec_af() routine in case of IPv6 systems; it
expects to be started by the internet daemon (see inetd (1M)).
rexecd provides remote execution facili-
ties with authentication based on user account names and unencrypted passwords.
inetd calls rexecd when a service request is received at the port indicated for the ‘‘exec’’ service
specification in /etc/services
; see services (4). To run rexecd
, the following line should be present
in
/etc/inetd.conf
:
exec stream tcp nowait root /usr/lbin/rexecd rexecd
The above configuration line will start
rexecd in IPv4 mode. To run rexecd in IPv6 mode, the fol-
lowing line must be present in the
/etc/inetd.conf
file:
exec stream tcp6 nowait root /usr/lbin/rexecd rexecd
That is, for IPv6 applications, the protocol
tcp has to be changed to tcp6. See inetd.conf (4) for more
information.
Options
rexecd recognizes the following options.
-m With this option enabled, rexecd returns immediately after its child process gets killed; it
does not wait for all its sub child processes to die. This in turn makes rexec not wait even
when the sub child processes are running remotely. As a result,
rexec will not appear hung.
It is recommended that users do not use the -m option if they want rexecd
to wait until the
completion of all the sub child processes. Otherwise, the user may get an unexpected result.
This option is applicable only to
rexec with a secondary socket connection.
Note that even with the
-m option enabled rexecd will exit if command standard error is
closed.
-n Disable transport-level keep-alive messages. By default, the messages are enabled. The
keep-alive messages allow sessions to time out if the client crashes or becomes unreachable.
-s This option is used in multi-homed NIS systems. It disables rexecd from doing a reverse
lookup of the client’s IP address; see gethostbyname(3N) for more information. It can be used
to circumvent an NIS limitation with multi-homed hosts.
-S Disallow logging in as a superuser.
When a service request is received, the following protocol is initiated:
1. The server reads characters from the socket up to a null (
\0) byte. The resultant string is
interpreted as an ASCII number, base 10.
2. If the number received in step 1 is non-zero, it is interpreted as the port number of a secondary
stream to be used for the
stderr. A second connection is then created to the specified port on
the client’s host. If the first character sent is a null (\0), no secondary connection is made and
the stderr of the command is sent to the primary stream. If the secondary connection has
been made, rexecd interprets bytes it receives on that socket as signal numbers and passes
them to the command as signals (see signal (2)).
3. A null-terminated user name of not more than 256 characters is retrieved on the initial socket.
4. A null-terminated, unencrypted password of not more than 16 characters is retrieved on the ini-
tial socket.
5. A null-terminated command to be passed to a shell is retrieved on the initial socket. The length
of the command is limited by the upper bound on the size of the system’s argument list.
6.
rexecd then validates the user, as is done by login using PAM modules for authentication.
See login (1) for more information. If the authentication succeeds, rexecd changes to the
user’s home directory and establishes the user and group protections of the user. If any of these
steps fail, rexecd returns a diagnostic message through the connection, then closes the
HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1