xref: /titanic_44/usr/src/man/man1m/rpc.rexd.1m (revision a65cd518c5d0f30c53594a7022eb0f7d04c98cef)
te
Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
RPC.REXD 1M "Nov 5, 2004"
NAME
rpc.rexd, rexd - RPC-based remote execution server
SYNOPSIS

/usr/sbin/rpc.rexd [-s]
DESCRIPTION

rpc.rexd is the Sun RPC server for remote program execution. This daemon is started by inetd(1M) whenever a remote execution request is made.

For non-interactive programs, the standard file descriptors are connected directly to TCP connections. Interactive programs involve pseudo-terminals, in a fashion that is similar to the login sessions provided by rlogin(1). This daemon may use NFS to mount file systems specified in the remote execution request.

There is a 10240 byte limit for arguments to be encoded and passed from the sending to the receiving system.

OPTIONS

The following option is supported: -s

Secure. When specified, requests must have valid DES credentials. If the request does not have a DES credential it is rejected. The default publickey credential is rejected. Only newer on(1) commands send DES credentials. If access is denied with an authentication error, you may have to set your publickey with the chkey(1) command. Specifying the -s option without presenting secure credentials will result in an error message: Unix too weak auth (DesONly)!

SECURITY

rpc.rexd uses pam(3PAM) for account and session management. The PAM configuration policy, listed through /etc/pam.conf, specifies the modules to be used for rpc.rexd. Here is a partial pam.conf file with rpc.rexd entries for account and session management using the UNIX module.

rpc.rexd account requisite pam_roles.so.1
rpc.rexd account required pam_projects.so.1
rpc.rexd account required pam_unix_account.so.1

rpc.rexd session required pam_unix_session.so.1

If there are no entries for the rpc.rexd service, the entries for the "other" service will be used. rpc.rexd uses the getpwuid() call to determine whether the given user is a legal user.

FILES
/dev/ptsn

Pseudo-terminals used for interactive mode

/etc/passwd

Authorized users

/tmp_rex/rexd??????

Temporary mount points for remote file systems

SEE ALSO

chkey(1), on(1), rlogin(1), svcs(1), inetadm(1M), inetd(1M), svcadm(1M), pam(3PAM), pam.conf(4), publickey(4), attributes(5), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5), smf(5)

DIAGNOSTICS

Diagnostic messages are normally printed on the console, and returned to the requestor.

NOTES

Root cannot execute commands using rexd client programs such as on(1).

The pam_unix(5) module is no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

The rpc.rexd service is managed by the service management facility, smf(5), under the service identifier:

svc:/network/rpc/rex:default

Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). Responsibility for initiating and restarting this service is delegated to inetd(1M). Use inetadm(1M) to make configuration changes and to view configuration information for this service. The service's status can be queried using the svcs(1) command.