Mercurial > illumos > illumos-gate

view usr/src/man/man1m/rpc.rexd.1m @ 13659:57451298f940

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
1469 ttyc/ttyd should be an allowed console device Reviewed by: Milan Jurik <milan.jurik@xylab.cz> Reviewed by: Alexander Eremin <alexander.r.eremin@gmail.com> Approved by: Richard Lowe <richlowe@richlowe.net>
author Gary Mills <gary_mills@fastmail.fm>
date Thu, 05 Apr 2012 08:47:21 -0500
parents 5b2854ecc12d
children
line wrap: on
line source

'\" te
.\"  Copyright (c) 2004, Sun Microsystems, Inc.  All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH RPC.REXD 1M "Nov 5, 2004"
.SH NAME
rpc.rexd, rexd \- RPC-based remote execution server
.SH SYNOPSIS
.LP
.nf
\fB/usr/sbin/rpc.rexd\fR [\fB-s\fR]
.fi

.SH DESCRIPTION
.sp
.LP
\fBrpc.rexd\fR is the Sun \fBRPC\fR server for remote program execution. This
daemon is started by \fBinetd\fR(1M) whenever a remote execution request is
made.
.sp
.LP
For non-interactive programs, the standard file descriptors are connected
directly to \fBTCP\fR connections. Interactive programs involve
pseudo-terminals, in a fashion that is similar to the login sessions provided
by \fBrlogin\fR(1). This daemon may use \fBNFS\fR to mount file systems
specified in the remote execution request.
.sp
.LP
There is a \fB10240\fR byte limit for arguments to be encoded and passed from
the sending to the receiving system.
.SH OPTIONS
.sp
.LP
The following option is supported:
.sp
.ne 2
.na
\fB\fB-s\fR\fR
.ad
.RS 6n
Secure. When specified, requests must have valid \fBDES\fR credentials. If the
request does not have a \fBDES\fR credential it is rejected. The default
publickey credential is rejected. Only newer \fBon\fR(1) commands send
\fBDES\fR credentials.
.sp
If access is denied with an authentication error, you may have to set your
publickey with the \fBchkey\fR(1) command.
.sp
Specifying the \fB-s\fR option without presenting secure credentials will
result in an error message: \fBUnix too weak auth (DesONly)!\fR
.RE

.SH SECURITY
.sp
.LP
\fBrpc.rexd\fR uses \fBpam\fR(3PAM) for account and session management.  The
\fBPAM\fR configuration policy, listed through \fB/etc/pam.conf\fR, specifies
the modules to be used for \fBrpc.rexd\fR. Here is a partial \fBpam.conf\fR
file with \fBrpc.rexd\fR entries for account and session management using the
UNIX module.
.sp
.in +2
.nf
rpc.rexd   account requisite       pam_roles.so.1
rpc.rexd   account required        pam_projects.so.1
rpc.rexd   account required        pam_unix_account.so.1

rpc.rexd      session required      pam_unix_session.so.1
.fi
.in -2

.sp
.LP
If there are no entries for the \fBrpc.rexd\fR service, the entries for the
"other" service will be used. \fBrpc.rexd\fR uses the \fBgetpwuid()\fR call to
determine whether the given user is a legal user.
.SH FILES
.sp
.ne 2
.na
\fB\fB/dev/pts\fIn\fR\fR\fR
.ad
.RS 23n
Pseudo-terminals used for interactive mode
.RE

.sp
.ne 2
.na
\fB\fB/etc/passwd\fR\fR
.ad
.RS 23n
Authorized users
.RE

.sp
.ne 2
.na
\fB\fB/tmp_rex/rexd??????\fR\fR
.ad
.RS 23n
Temporary mount points for remote file systems
.RE

.SH SEE ALSO
.sp
.LP
\fBchkey\fR(1), \fBon\fR(1), \fBrlogin\fR(1), \fBsvcs\fR(1), \fBinetadm\fR(1M),
\fBinetd\fR(1M), \fBsvcadm\fR(1M), \fBpam\fR(3PAM), \fBpam.conf\fR(4),
\fBpublickey\fR(4), \fBattributes\fR(5), \fBpam_authtok_check\fR(5),
\fBpam_authtok_get\fR(5), \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5),
\fBpam_passwd_auth\fR(5), \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5),
\fBpam_unix_session\fR(5), \fBsmf\fR(5)
.SH DIAGNOSTICS
.sp
.LP
Diagnostic messages are normally printed on the console, and returned to the
requestor.
.SH NOTES
.sp
.LP
Root cannot execute commands using \fBrexd\fR client programs such as
\fBon\fR(1).
.sp
.LP
The \fBpam_unix\fR(5) module is no longer supported. Similar functionality is
provided by \fBpam_authtok_check\fR(5), \fBpam_authtok_get\fR(5),
\fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), \fBpam_passwd_auth\fR(5),
\fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5), and
\fBpam_unix_session\fR(5).
.sp
.LP
The \fBrpc.rexd\fR service is managed by the service management facility,
\fBsmf\fR(5), under the service identifier:
.sp
.in +2
.nf
svc:/network/rpc/rex:default
.fi
.in -2
.sp

.sp
.LP
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using \fBsvcadm\fR(1M). Responsibility for
initiating and restarting this service is delegated to \fBinetd\fR(1M). Use
\fBinetadm\fR(1M) to make configuration changes and to view configuration
information for this service. The service's status can be queried using the
\fBsvcs\fR(1) command.