rexecd Daemon

Purpose

Provides the server function for the rexec command.

Syntax

Note: The rexecd daemon is normally started by the /etc/inetd.conf or kill -1 InetdPID command to inform the inetd daemon of the changes to its configuration file.
Note: The rexecd daemon ignores invalid options and if the syslog facility is enabled, the information will be logged to the system log.

Flags

Item Description
-s Enables socket-level debugging.
-c Prevents reverse name resolution. When the -c flag is not specified, the rexecd daemon will fail if the reverse name resolution of the client fails.

Service Request Protocol

When the rexecd daemon receives a request, it initiates the following protocol:

  1. The server reads characters from the socket up to a null (\0) byte and interprets the resulting string as an ASCII number (decimal).
  2. If the number received is nonzero, the rexecd daemon interprets it as the port number of a secondary stream to be used for standard error output. The rexecd daemon then creates a second connection to the specified port on the client machine.
  3. The rexecd daemon retrieves a null-terminated user name of up to 16 characters on the initial socket.

Security

The rexecd daemon is a PAM-enabled application with a service name of rexec. System-wide configuration to use PAM for authentication is set by modifying the value of the auth_type attribute, in the usw stanza of /etc/security/login.cfg, to PAM_AUTH as the root user.

The authentication mechanisms used when PAM is enabled depend on the configuration for the rexec service in /etc/pam.conf. The rexecd daemon requires /etc/pam.conf entries for the auth, account, and session module types. Listed below is a recommended configuration in /etc/pam.conf for the rexec service:
#
# AIX rexec configuration
#
rexec auth      required     /usr/lib/security/pam_aix

rexec account   required     /usr/lib/security/pam_aix

rexec session   required     /usr/lib/security/pam_aix