rexecd Daemon

Purpose

Provides the server function for the rexec command.

Syntax

Note: The rexecd daemon is normally started by the inetd daemon from its entry in the /etc/inetd.conf file. After changing that file, run the kill -1 InetdPID command to inform the inetd daemon of the changes to its configuration file.

Note: The rexecd daemon ignores invalid options. If the syslog facility is enabled, the information is logged to the system log.

Flags

Item  Description
-s    Enables socket-level debugging.
-c    Prevents reverse name resolution. When the -c flag is not specified, the rexecd daemon will fail if the reverse name resolution of the client fails.

Service Request Protocol

When the rexecd daemon receives a request, it initiates the following protocol:

  1. The server reads characters from the socket up to a null (\0) byte and interprets the resulting string as an ASCII number (decimal).
  2. If the number received is nonzero, the rexecd daemon interprets it as the port number of a secondary stream to be used for standard error output. The rexecd daemon then creates a second connection to the specified port on the client machine.
  3. The rexecd daemon retrieves a null-terminated user name of up to 16 characters on the initial socket.
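
The following added example (not part of the original documentation and not the daemon's own code) decodes the two fields described in steps 1 through 3, as a protocol decoder in a monitoring tool or test harness might. The names parse_rexec_preamble and RexecParseError are hypothetical, and the 5-digit port limit and the rejection of an empty port string are choices made for this example.

```python
MAX_PORT_DIGITS = 5   # assumption: a TCP port needs at most 5 decimal digits
MAX_USER_LEN = 16     # limit stated in step 3

# Constructed sample: stderr port 1023, user "alice", followed by later fields.
SAMPLE_REQUEST = b"1023\0alice\0...rest of request..."


class RexecParseError(ValueError):
    """Raised when the bytes do not match the documented field layout."""


def _read_field(buf, offset, max_len, name):
    """Return (field_bytes, next_offset) for one null-terminated field."""
    # The terminator must appear within max_len bytes of the field start.
    end = buf.find(b"\0", offset, offset + max_len + 1)
    if end == -1:
        raise RexecParseError(f"{name}: no null terminator within {max_len} bytes")
    return buf[offset:end], end + 1


def parse_rexec_preamble(buf):
    """Parse the stderr port and user name from the start of a request.

    Returns (stderr_port, user, bytes_consumed). stderr_port is None when
    the client sent 0, meaning no secondary stream is requested (step 2).
    """
    raw_port, offset = _read_field(buf, 0, MAX_PORT_DIGITS, "port")
    # bytes.isdigit() accepts ASCII 0-9 only and is False for an empty field,
    # so inputs such as b"+1", b" 1" or b"" are rejected here.
    if not raw_port.isdigit():
        raise RexecParseError("port: not an ASCII decimal number")
    port = int(raw_port)
    if port > 65535:
        raise RexecParseError("port: out of range")

    raw_user, offset = _read_field(buf, offset, MAX_USER_LEN, "user")
    if not raw_user:
        raise RexecParseError("user: empty")
    try:
        user = raw_user.decode("ascii")
    except UnicodeDecodeError:
        raise RexecParseError("user: non-ASCII bytes") from None
    return (port or None), user, offset
```

A nonzero port in the result means the server will open a connection back to that port on the client, which is the value a firewall or detection rule for this service has to account for.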

Security

The rexecd daemon is a PAM-enabled application with a service name of rexec. To use PAM for authentication system-wide, the root user sets the value of the auth_type attribute, in the usw stanza of /etc/security/login.cfg, to PAM_AUTH.

The authentication mechanisms used when PAM is enabled depend on the configuration for the rexec service in /etc/pam.conf. The rexecd daemon requires /etc/pam.conf entries for the auth, account, and session module types. Listed below is a recommended configuration in /etc/pam.conf for the rexec service:
#
# AIX rexec configuration
#
rexec auth      required     /usr/lib/security/pam_aix
rexec account   required     /usr/lib/security/pam_aix
rexec session   required     /usr/lib/security/pam_aix