Leila Maria Rebel
Frequent Advisor

Remshd and kshell

Hi!
Please, check this situation:

1) I have an SP/AIX 4.3.3 System running Kerberos V5 authentication.

2) I have 2 HP-UX 10.20 systems that don't have Secure Internet Services installed. I will name them System A and System B for future reference. Both systems have the inetd logging activated.

3) When I issue a remsh command from AIX system to HP System A, the request is answered by the service "shell" and works fine.

4) When I issue a remsh command from AIX system to HP System B, the request is answered by the service "kshell" and thus fails, since I don't have the secure service. If I comment out the line of the service "kshell" in the inetd.conf file, it answers normally through the service "shell" and the remsh works fine.

I can't find any difference between the systems. The services for kshell are defined in the same way on both systems.

In the man pages of inetd, I can see:
"For stream services, inetd listens for connection requests on Internet stream sockets. When a connection is requested for one of its sockets, inetd decides which service the socket will support(...)"

Do you know why there are different "decisions" from inetd on each system?

Thanks,

Leila
Leila rebel
Bruce Regittko_1
Esteemed Contributor

Re: Remshd and kshell

Hi,

I would take a look at /etc/services and see if those two were identical. /etc/services maps port numbers that inetd listens to to the service name.

--Bruce
www.stratech.com/training
Tom Danzig
Honored Contributor

Re: Remshd and kshell

When you change inetd.conf, make sure you HUP the inetd process.

inetd -c

Dan Hetzel
Honored Contributor

Re: Remshd and kshell

Hi Leila,

You asked 'Do you know why there are different "decisions" from inetd on each system ?'

I guess that, in file /etc/services, the port numbers associated to the services must be different. Did you check them?

The inetd daemon only recognizes services by port numbers and not by names so, the same service (same number) with different names associated could explain that behavior.
If you make any change, don't forget to force inetd to re-read the configuration file with 'inetd -c' or with 'inetd -k; inetd'

Sorry but I don't have any AIX at hand to check this.

Best regards,

Dan

Everybody knows at least one thing worth sharing -- mailto:dan.hetzel@wildcroft.com
Leila Maria Rebel
Frequent Advisor

Re: Remshd and kshell

Hi,

The /etc/services files are identical, as well as inetd.conf.

These are /etc/services entries:

shell 514/tcp cmd # remote command, no passwd used
kshell 544/tcp krcmd # Kerberos remote shell -kfall

These are /etc/inetd.conf entries:

shell stream tcp nowait root /usr/lbin/remshd remshd
kshell stream tcp nowait root /usr/lbin/remshd remshd -K

It seems to be related to some criteria used by inetd that differ from one system to another.

Any suggestions?

Leila rebel
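
Added example, not part of any post in this thread: a shell function that performs the comparison suggested above by joining each enabled inetd.conf entry with its /etc/services port, so the effective listeners of two hosts can be diffed. The function names and the sample files are constructed; the sample assumes host A has the kshell line commented out.

```shell
#!/bin/sh
# Added example (not from the thread). Files are passed as arguments.

# inetd_listeners INETD_CONF SERVICES
# One line per enabled entry: "port/proto name server argv..."
inetd_listeners() {
    awk '
        NR == FNR {                        # first file: services
            sub(/#.*/, "")                 # strip comments
            if (NF < 2) next
            split($2, pp, "/")             # pp[1]=port, pp[2]=proto
            for (i = 1; i <= NF; i++)      # official name and aliases
                if (i != 2) port[$i "/" pp[2]] = pp[1]
            next
        }
        { sub(/#.*/, "") }                 # second file: inetd.conf
        NF < 6 { next }                    # commented-out or short lines
        {
            key = $1 "/" $3
            out = ((key in port) ? port[key] : "unresolved") "/" $3 " " $1
            for (i = 6; i <= NF; i++) out = out " " $i
            print out
        }
    ' "$2" "$1" | sort
}

# compare_hosts CONF_A SERVICES_A CONF_B SERVICES_B
compare_hosts() {
    ta=$(mktemp) && tb=$(mktemp) || return 1
    inetd_listeners "$1" "$2" > "$ta"
    inetd_listeners "$3" "$4" > "$tb"
    comm -23 "$ta" "$tb" | sed 's/^/A only: /'
    comm -13 "$ta" "$tb" | sed 's/^/B only: /'
    rm -f "$ta" "$tb"
}

# Constructed sample: entries as quoted in the thread; host A with the
# kshell line commented out is an assumption made for the demo.
make_sample() {
    printf '%s\n' 'shell 514/tcp cmd # remote command, no passwd used' \
        'kshell 544/tcp krcmd # Kerberos remote shell -kfall' > "$1/services"
    printf '%s\n' 'shell stream tcp nowait root /usr/lbin/remshd remshd' \
        '#kshell stream tcp nowait root /usr/lbin/remshd remshd -K' > "$1/inetd.A"
    sed 's/^#//' "$1/inetd.A" > "$1/inetd.B"
}

d=$(mktemp -d) && make_sample "$d"
compare_hosts "$d/inetd.A" "$d/services" "$d/inetd.B" "$d/services"
rm -rf "$d"
```

An entry whose service name has no match in the services file is reported with the port `unresolved`.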
Victor BERRIDGE
Honored Contributor

Re: Remshd and kshell

Hi,
Haven't you a .rhosts on machine A, and not on B?
Just thoughts... because I've seen many times the usage of such files to bypass kerberos...

Good luck
Victor
Leila Maria Rebel
Frequent Advisor

Re: Remshd and kshell

Victor, your comment is perfect. The docs I've found say that if you use .rhosts or hosts.equiv you have standard authentication.

Unfortunately, I've checked this and both systems are identical. They use the .rhosts file in root's home.

The most interesting thing for me is that when I comment out the kshell service in the inetd.conf file, inetd uses shell normally!!! I can use this solution, but I would like to understand...

Victor, I don't know why I don't have the chance to assign points to your answer. Beside your name, instead of "assign points" icon, I have "[unassigned]" :-(

Leila

Leila rebel