Setting up the InetD configuration file

The Internet Daemon (InetD) is a generic listener program that is used by such servers as the z/OS® UNIX telnet server and the z/OS UNIX rexec server. Other servers such as the z/OS UNIX ftp server have their own listener program and do not use InetD. For more information about generic servers and sample InetD started procedure JCL, see Generic servers in a CINET environment.

The inetd.conf file is an example of the user configuration file. This file is stored in the /etc directory and is referenced as a start parameter in the InetD started procedure JCL. The inetd.conf file can also be stored as an MVS™ data set. Use configuration statements like those in the following example to enable the InetD services that are required on your system:

Figure 1. Adding applications to /etc/inetd.conf
                                                                           
  #======================================================================  
  # service | socket | protocol | wait/ | user | server  | server program  
  # name    | type   |          | nowait|      | program |   arguments     
  #======================================================================  
  #                                                                        
  shell    stream    tcp        nowait  OMVSKERN /usr/sbin/orshd orshd -l  
  exec     stream    tcp        nowait  OMVSKERN /usr/sbin/orexecd orexecd -lv
  otelnet  stream    tcp        nowait  OMVSKERN /usr/sbin/otelnetd otelnetd 
  # Add the following line to enable Kerberos for orshd
  kshell   stream    tcp        nowait  OMVSKERN /usr/sbin/orshd orshd -l -k KRB5

If the rshd, rexecd, or otelnetd service is to support IPv6 clients, then tcp6 should be specified instead of tcp. Kerberos is not supported for IPv6-enabled services, such as z/OS UNIX Telnet, z/OS UNIX rsh, and z/OS UNIX rexec.

For IPv4 connection partners, the terminal ID passed from InetD to RACF® (or an equivalent security program) is an 8-byte hexadecimal character string containing an IPv4 address. For example, the IP address 163.97.227.17 is translated to X'A361E311'. RACF interprets this as a terminal logon address and rejects it if it is not previously defined.

For IPv6 connection partners, only IPv4-mapped IPv6 addresses are handled in this way. The IPv4 address portion of the IPv6 address is placed in the terminal ID for RACF validation. No other IPv6 address format is supported through terminal ID RACF validation.

To establish a relationship between the servers defined in the /etc/inetd.conf file and specific port numbers in the z/OS UNIX environment, ensure that statements have been added to ETC.SERVICES for each of these servers. See the sample ETC.SERVICES installed in the /usr/lpp/tcpip/samples/services directory for how to specify ETC.SERVICES statements for these servers.

The traces for both the z/OS UNIX rexec and rsh servers are enabled through options in the InetD configuration file (/etc/inetd.conf):

Figure 2. Setting traces in /etc/inetd.conf
                                                                           
  #======================================================================  
  # service | socket | protocol | wait/ | user | server  | server program  
  # name    | type   |          | nowait|      | program |   arguments     
  #======================================================================  
  #                                                                        
  shell      stream    tcp       nowait OMVSKERN /usr/sbin/orshd orshd -d  1
  exec       stream    tcp       nowait OMVSKERN /usr/sbin/orexecd orexecd -d  2
  
The traces are turned on for both servers by passing a -d argument to the server programs. In Figure 2, the line marked 1 is the RSHD server and the line marked 2 is the REXECD server. After the debug flags have been turned on in the InetD configuration file and the InetD server has reread the file, all commands that are executed produce trace output.

The trace is written in formatted form to the syslogd facility name daemon with a priority of debug. The trace data can be routed to a file in your Hierarchical File System by specifying the following definition in your syslogd configuration file (/etc/syslogd.conf):
# 
# All ftp, rexecd, rshd 
# debug messages (and above 
# priority messages) go 
# to server.debug.a                                      
#
daemon.debug              /tmp/syslogd/server.debug.a 
 
 
In this example, the trace data is written to /tmp/syslogd/server.debug.a in your Hierarchical File System. For more information on syslogd, see Logging of system messages.
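
The following audit is an added example, not IBM code: it parses inetd.conf entries in the column layout of Figure 1 and flags the conditions this page describes (Kerberos on a tcp6 service, the -d trace option left enabled, and a service with no ETC.SERVICES entry). The sample file contents, finding labels and function names are constructed for illustration, and services are matched by name only.

```python
# Added example: audits inetd.conf entries against the constraints on this page.
# Sample data below is constructed, not taken from a real system.
SAMPLE_INETD = """\
# service socket protocol wait/nowait user server-program arguments
shell   stream tcp  nowait OMVSKERN /usr/sbin/orshd orshd -l
exec    stream tcp  nowait OMVSKERN /usr/sbin/orexecd orexecd -d
kshell  stream tcp6 nowait OMVSKERN /usr/sbin/orshd orshd -l -k KRB5
otelnet stream tcp6 nowait OMVSKERN /usr/sbin/otelnetd otelnetd
"""
SAMPLE_SERVICES = """\
shell   514/tcp   cmd    # constructed entries; otelnet deliberately missing
exec    512/tcp
kshell  544/tcp   krcmd
"""

def service_names(text):
    """Collect service names and aliases from ETC.SERVICES-style text."""
    names = set()
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and "/" in parts[1]:
            names.update([parts[0]] + parts[2:])
    return names

def audit(inetd_text, services_text):
    """Return (line_number, finding) pairs for entries that conflict with the page's rules."""
    known, findings = service_names(services_text), []
    for n, raw in enumerate(inetd_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) < 7:  # assumption: six columns plus at least argv[0]
            findings.append((n, "malformed-entry"))
            continue
        opts = [a for a in parts[7:] if a.startswith("-")]
        if parts[2] == "tcp6" and "-k" in opts:
            findings.append((n, "kerberos-on-ipv6"))   # page: Kerberos not supported on IPv6
        if any("d" in o[1:] for o in opts):            # assumes flags may be combined, as in -lv
            findings.append((n, "trace-enabled"))      # every command produces trace output
        if parts[0] not in known:                      # name-only match (assumption)
            findings.append((n, "no-services-entry"))
    return findings

if __name__ == "__main__":
    for line_no, issue in audit(SAMPLE_INETD, SAMPLE_SERVICES):
        print(f"line {line_no}: {issue}")
```

Line numbers in the findings refer to lines of the inetd.conf text, counting comment lines.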

For more information about InetD, see z/OS UNIX System Services Planning or z/OS UNIX System Services Command Reference.