As with any service, you must register REXEC with a port monitor under the Service Access Facility (SAF). By registering the service with a port monitor, you associate the service with a specific port and an authentication scheme. When a client machine attempts to access the service, it calls the port monitor, which informs the client that the service is protected by the scheme. If the client supports the scheme, it begins the authentication process.
The authentication scheme authenticates the user on the client machine and maps the user's login to a local login before REXEC is invoked. REXEC obtains the information established by the authentication scheme and sets up the environment of the mapped user before executing the requested service.
To register REXEC with a port monitor and protect it with the cr1 authentication scheme, you must add REXEC to the port monitor's _pmtab file. If the port monitor is tcp, the REXEC service is added to the _pmtab file by using the command:

pmadm -a -p tcp -s rexec -f u \
    -m "`nlsadmin -c /usr/lib/rexec/rxserver -p tirdwr`" \
    -v `nlsadmin -V` -S "cr1 -srexec" -y "remote execution"

The -m operand carries the port monitor-specific information, generated here by nlsadmin: the server to be executed (rxserver) and the module to be pushed on the stream (tirdwr). A network listener process invokes rxserver after a connection has been established between a client and the server port associated with the rexec service; rxserver then performs the REXEC server functions.
The -S operand of the pmadm command specifies the authentication scheme to be associated with the service tag rexec.
For more information about registering services under the SAF, see ``Administering port services''. For additional information about cr1, see ``cr1 Bilateral Authentication Scheme''.