openafs/doc/html/AdminReference/auarf229.htm

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
<HTML><HEAD>
<TITLE>Administration Reference</TITLE>
<!-- Begin Header Records  ========================================== -->
<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID      -->
<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30                -->
<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
</HEAD><BODY>
<!-- (C) IBM Corporation 2000. All Rights Reserved    --> 
<BODY bgcolor="ffffff"> 
<!-- End Header Records  ============================================ -->
<A NAME="Top_Of_Page"></A>
<H1>Administration Reference</H1>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf228.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf230.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
<P>
<H2><A NAME="HDRRSH" HREF="auarf002.htm#ToC_243">rsh (AFS version)</A></H2>
<A NAME="IDX5428"></A>
<A NAME="IDX5429"></A>
<A NAME="IDX5430"></A>
<A NAME="IDX5431"></A>
<A NAME="IDX5432"></A>
<P><STRONG>Purpose</STRONG>
<P>Opens a shell on a remote machine
<P><STRONG>Synopsis</STRONG>
<PRE><B>rsh</B> <VAR>host</VAR>  [<B>-n</B>]  [<B>-l</B> &lt;<VAR>username</VAR>>]  &lt;<VAR>command</VAR>>
   
<VAR>host</VAR>  [<B>-n</B>]  [<B>-l</B> &lt;<VAR>username</VAR>>]    &lt;<VAR>command</VAR>>
</PRE>
<P><STRONG>Description</STRONG>
<P>The AFS-modified <B>rsh</B> program functions like the standard UNIX
<B>rsh</B> program, but also passes the issuer's AFS token to the
remote machine's Cache Manager, to enable authenticated access to the AFS
filespace via that machine.
<P>Token passing is most effective if both the remote machine and local
machine belong to the same cell, because the <B>rsh</B> program can pass
only one token even if the user has several tokens--it passes the token
listed first in the output from the <B>tokens</B> command. If the
remote and local machine do not belong to the same cell, the first token must
be valid for the remote machine's cell, in order for the remote
cell's server processes to recognize the issuer as authenticated.
<P>In addition to running the AFS version of the <B>rsh</B> binary on the
machine where the <B>rsh</B> command is issued, other configuration
changes are necessary for token passing to work properly. See the
<B>Cautions</B> section for a list.
<P>The AFS version of the <B>rsh</B> command is compatible with the
standard UNIX <B>inetd</B> command, but token passing works only if both
programs are modified to handle AFS tokens. If only one of them is
modified, the issuer accesses the AFS filespace through the remote machine as
the user <B>anonymous</B>.
<P><STRONG>Cautions</STRONG>
<P>Some operating systems assign an alternate name to this program, such as
<B>remsh</B>. The version included in the AFS distribution uses the
same name as the operating system.
<P>The AFS distribution does not include an AFS-modified version of this
command for every system type, in some cases because the operating system
vendor has already modified the standard version in the required way.
For details, see the <I>IBM AFS Release Notes</I>.
<P>For security's sake, use the AFS version of the <B>rsh</B> command
only in conjunction with PAGs, either by using an AFS-modified login utility,
issuing the <B>pagsh</B> command before obtaining tokens, or including the
<B>-setpag</B> flag to the <B>klog</B> command.
<P>Several configuration requirements and restrictions are necessary for token
passing to work correctly with the AFS version of the <B>rsh</B>
command. Some of these are also necessary with the standard UNIX
version, but are included here because the issuer used to AFS protections is
possibly unlikely to think of them. There are possibly other UNIX-based
requirements or restrictions not mentioned here; consult the UNIX manual
page for the <B>rsh</B> command. (One important one is that no
<TT>stty</TT> commands can appear in the issuer's shell initialization
file, such as the <B>.cshrc</B> file.)
<P>The requirements and restrictions for token passing include the
following.
<UL>
<P><LI>The local machine must be running the AFS version of the <B>rsh</B>
command, with the binary file locally installed to grant setuid privilege to
the owner, the local superuser <B>root</B>.
<P><LI>The remote machine must be running the AFS version of the <B>inetd</B>
program.
<P><LI>If the <B>rsh</B> command is to consult an <B>.rhosts</B>
file on the remote machine, the file must have UNIX mode bits no more liberal
than <B>-rw-r--r--</B>. If the <B>.rhosts</B> file
resides in a user home directory in AFS, the home directory must also grant
the <B>l</B> (<B>lookup</B>) and <B>r</B> (<B>read</B>)
permissions to the <B>system:anyuser</B> group.
</UL>
<P><STRONG>Options</STRONG>
<P>Consult the UNIX manual page for the <B>rsh</B> command.
<P><STRONG>Privilege Required</STRONG>
<P>None
<P><STRONG>Related Information</STRONG>
<P><A HREF="auarf179.htm#HDRINETD">inetd (AFS version)</A>
<P><A HREF="auarf235.htm#HDRTOKENS">tokens</A>
<P>UNIX manual page for <B>rsh</B> or <B>remsh</B>
<P><I>IBM AFS Release Notes</I>
<P>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf228.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf230.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
<!-- Begin Footer Records  ========================================== -->
<P><HR><B> 
<br>&#169; <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A>  All Rights Reserved 
</B> 
<!-- End Footer Records  ============================================ -->
<A NAME="Bot_Of_Page"></A>
</BODY></HTML>
initial-html-documentation-20010606 pull in all documentation from IBM 2001-06-06 20:09:07 +01:00			`<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">`
			`<HTML><HEAD>`
			`<TITLE>Administration Reference</TITLE>`
			`<!-- Begin Header Records ========================================== -->`
			`<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->`
			`<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->`
			`<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">`
			`<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">`
			`<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">`
			`</HEAD><BODY>`
			`<!-- (C) IBM Corporation 2000. All Rights Reserved -->`
			`<BODY bgcolor="ffffff">`
			`<!-- End Header Records ============================================ -->`
			`<A NAME="Top_Of_Page"></A>`
			`<H1>Administration Reference</H1>`
			<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf228.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf230.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
			`<P>`
			`<H2><A NAME="HDRRSH" HREF="auarf002.htm#ToC_243">rsh (AFS version)</A></H2>`
			`<A NAME="IDX5428"></A>`
			`<A NAME="IDX5429"></A>`
			`<A NAME="IDX5430"></A>`
			`<A NAME="IDX5431"></A>`
			`<A NAME="IDX5432"></A>`
			`<P><STRONG>Purpose</STRONG>`
			`<P>Opens a shell on a remote machine`
			`<P><STRONG>Synopsis</STRONG>`
			`<PRE><B>rsh</B> <VAR>host</VAR> [<B>-n</B>] [<B>-l</B> <<VAR>username</VAR>>] <<VAR>command</VAR>>`

			`<VAR>host</VAR> [<B>-n</B>] [<B>-l</B> <<VAR>username</VAR>>] <<VAR>command</VAR>>`
			`</PRE>`
			`<P><STRONG>Description</STRONG>`
			`<P>The AFS-modified <B>rsh</B> program functions like the standard UNIX`
			`<B>rsh</B> program, but also passes the issuer's AFS token to the`
			`remote machine's Cache Manager, to enable authenticated access to the AFS`
			`filespace via that machine.`
			`<P>Token passing is most effective if both the remote machine and local`
			`machine belong to the same cell, because the <B>rsh</B> program can pass`
			`only one token even if the user has several tokens--it passes the token`
			`listed first in the output from the <B>tokens</B> command. If the`
			`remote and local machine do not belong to the same cell, the first token must`
			`be valid for the remote machine's cell, in order for the remote`
			`cell's server processes to recognize the issuer as authenticated.`
			`<P>In addition to running the AFS version of the <B>rsh</B> binary on the`
			`machine where the <B>rsh</B> command is issued, other configuration`
			`changes are necessary for token passing to work properly. See the`
			`<B>Cautions</B> section for a list.`
			`<P>The AFS version of the <B>rsh</B> command is compatible with the`
			`standard UNIX <B>inetd</B> command, but token passing works only if both`
			`programs are modified to handle AFS tokens. If only one of them is`
			`modified, the issuer accesses the AFS filespace through the remote machine as`
			`the user <B>anonymous</B>.`
			`<P><STRONG>Cautions</STRONG>`
			`<P>Some operating systems assign an alternate name to this program, such as`
			`<B>remsh</B>. The version included in the AFS distribution uses the`
			`same name as the operating system.`
			`<P>The AFS distribution does not include an AFS-modified version of this`
			`command for every system type, in some cases because the operating system`
			`vendor has already modified the standard version in the required way.`
			`For details, see the <I>IBM AFS Release Notes</I>.`
			`<P>For security's sake, use the AFS version of the <B>rsh</B> command`
			`only in conjunction with PAGs, either by using an AFS-modified login utility,`
			`issuing the <B>pagsh</B> command before obtaining tokens, or including the`
			`<B>-setpag</B> flag to the <B>klog</B> command.`
			`<P>Several configuration requirements and restrictions are necessary for token`
			`passing to work correctly with the AFS version of the <B>rsh</B>`
			`command. Some of these are also necessary with the standard UNIX`
			`version, but are included here because the issuer used to AFS protections is`
			`possibly unlikely to think of them. There are possibly other UNIX-based`
			`requirements or restrictions not mentioned here; consult the UNIX manual`
			`page for the <B>rsh</B> command. (One important one is that no`
			`<TT>stty</TT> commands can appear in the issuer's shell initialization`
			`file, such as the <B>.cshrc</B> file.)`
			`<P>The requirements and restrictions for token passing include the`
			`following.`
			`<UL>`
			`<P><LI>The local machine must be running the AFS version of the <B>rsh</B>`
			`command, with the binary file locally installed to grant setuid privilege to`
			`the owner, the local superuser <B>root</B>.`
			`<P><LI>The remote machine must be running the AFS version of the <B>inetd</B>`
			`program.`
			`<P><LI>If the <B>rsh</B> command is to consult an <B>.rhosts</B>`
			`file on the remote machine, the file must have UNIX mode bits no more liberal`
			`than <B>-rw-r--r--</B>. If the <B>.rhosts</B> file`
			`resides in a user home directory in AFS, the home directory must also grant`
			`the <B>l</B> (<B>lookup</B>) and <B>r</B> (<B>read</B>)`
			`permissions to the <B>system:anyuser</B> group.`
			`</UL>`
			`<P><STRONG>Options</STRONG>`
			`<P>Consult the UNIX manual page for the <B>rsh</B> command.`
			`<P><STRONG>Privilege Required</STRONG>`
			`<P>None`
			`<P><STRONG>Related Information</STRONG>`
			`<P><A HREF="auarf179.htm#HDRINETD">inetd (AFS version)</A>`
			`<P><A HREF="auarf235.htm#HDRTOKENS">tokens</A>`
			`<P>UNIX manual page for <B>rsh</B> or <B>remsh</B>`
			`<P><I>IBM AFS Release Notes</I>`
			`<P>`
			<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf228.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf230.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
			`<!-- Begin Footer Records ========================================== -->`
			`<P><HR><B>`
			`<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved`
			`</B>`
			`<!-- End Footer Records ============================================ -->`
			`<A NAME="Bot_Of_Page"></A>`
			`</BODY></HTML>`