Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Enabling Rexec ????
Top Forums UNIX for Dummies Questions & Answers Enabling Rexec ???? Post 16187 by killerserv on Tuesday 26th of February 2002 07:25:05 PM
Old 02-26-2002
to enable Rexec you will need to comment out one line in the file /etc/pam.d/rexec. Here is a sample of the file *Your file might be diffrent:
Code:
#auth       required     /lib/security/pampwdb.so shadow nullok
auth       required     /lib/security/pamnologin.so
account    required     /lib/security/pampwdb.so

To enable rexec, the line referring to the pam_nologin.so module must be
commented out:

#auth       required     /lib/security/pampwdb.so shadow nullok
#auth       required     /lib/security/pamnologin.so
account    required     /lib/security/pampwdb.so

After this file is modified, rexec will be enabled.
**Note: If your /etc/pam.d/rexec file contains a line referring to
the pam_securetty.so module, you will not be able to rexec as root..!!
This User Gave Thanks to killerserv For This Post:
Neo
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

expect (re: rexec)

In http://forums.unix.com/showthread.php?threadid=391 there is one statement called expect. but when I issue command whereis expect, respond from o/s only EXPECT: (only one world). I try to find it at /usr/bin, no expect statement there ? is it default unix o/s command ? I am using AIX on... (1 Reply)
Discussion started by: yatno
1 Replies

2. Solaris

Rexec

How is rexec enabled on a Solaris 8? How can I check if rexec is installed? (1 Reply)
Discussion started by: pmj1970
1 Replies

3. UNIX for Advanced & Expert Users

2 users on the same server (rexec)

Hi, all. Could some one help me please with one problem? In one process (on aix) I should run some remote scripts on other server via rexec. Some scripts should be run on server1 under useridA, and some scripts should be run on the same server under useridB. I specified in .netrc... (10 Replies)
Discussion started by: Anta
10 Replies

4. UNIX for Advanced & Expert Users

reagrding REXEC command

Hi UNIX gurus..... have a doubt..can i run a script in a remote machine by using something like rexec add.corp.afg.com /aa/ss/remtescript I dont want to use the rsh command due to some security issues. thanx, rahul26 :) (2 Replies)
Discussion started by: rahul26
2 Replies

5. UNIX for Dummies Questions & Answers

launching script via REXEC

Hi folks! my client uses an winapplication which is launching shell-scripts remotely on a HP-Unix Machine via Rexec. The application-configuration is launching the script (which is in the home directory of connecting user) like: rexec host user pass shell.sh So far so good, everything... (3 Replies)
Discussion started by: JohnMurdoch
3 Replies

6. UNIX for Dummies Questions & Answers

exit codes from rexec?

how do i/is there a way to return the exit code from the remote host? echo $? from the local host only gives 0, if the rexec command itself executes successfully. But what if in the case of the remote command failiing? echo $? on the localhost still gives 0, but I'm interested in the exit code... (4 Replies)
Discussion started by: diego_sapphire
4 Replies

7. AIX

rexec - other options?

Rexec executes commands one at a time on a remote host. The rexec command provides an automatic login feature by checking for a $HOME/.netrc file. User and password are stored in $HOME/.netrc. I would like to log on to another host and execute a script/command but not using $HOME/.netrc file,... (4 Replies)
Discussion started by: ioniCoder
4 Replies

8. UNIX for Advanced & Expert Users

Rexec Issue

Hi Team, I am executing some ksh scripts which inturn calls java files in AIX Environment. We have installed java6_64 which is in .profile. But when we execute from rexec its taking path from some different place that does not have java in $PATH variable. Can you please help me find out which... (2 Replies)
Discussion started by: balasubramani04
2 Replies

9. Linux

rexec not working properly

Hi, I am trying to enable rexec to automate certain tasks(it has to be rexec, not ssh or any other due to the system environment), so after switching to linux, I followed the certain instructions that were laid out in the web. My operating system is fedora 17, so I first installed the... (1 Reply)
Discussion started by: wringer
1 Replies

10. Red Hat

Slow login with rexec.

Hi all, I´m replacing an old linux enterprise redhat 4.5 by a new one linux enterprise redhat 6. In both I use rexec as a communication between the front end and the user. In the old one, when the user connects, the communication establishes quickly (less than 3 sec). But in the new one, the... (1 Reply)
Discussion started by: mig28mx
1 Replies

LEARN ABOUT DEBIAN

pam_abl

PAM_ABL(8)							 Linux-PAM Manual							PAM_ABL(8)

NAME

       pam_abl - PAM Auto Blacklist Module

SYNOPSIS

       Provides auto blacklisting of hosts and users responsible for repeated failed authentication attempts. Generally configured so that
       blacklisted users still see normal login prompts but are guaranteed to fail to authenticate.

       This functionality is only available to services which call PAM as root. If pam_abl is called for uid != 0 it will silently succeed.

DESCRIPTION

       Brute force password discovery attacks involve repeated attempts to authenticate against a service using a dictionary of common passwords.
       While it is desirable to enforce strong passwords for users this is not always possible and in cases where a weak password has been used
       brute force attacks can be effective.

       The pam_abl module monitors failed authentication attempts and automatically blacklists those hosts (and accounts) that are responsible for
       large numbers of failed attempts. Once a host is blacklisted it is guaranteed to fail authentication even if the correct credentials are
       provided.

       Blacklisting is triggered when the number of failed authentication attempts in a particular period of time exceeds a predefined limit.
       Hosts which stop attempting to authenticate will, after a period of time, be un-blacklisted.

       Commands can be specified which will be run when a host or user switches state from being blocked to clear or clear to blocked. See below
       or the pam_abl.conf(5) manpage for the details.

       If pam_abl is called for uid != 0 it will silently succeed. If this was not the case it would be possible for a malicious local user to
       poison the pam_abl data by, for example, discovering the names of the hosts from which root typically logs in and then constructing PAM
       authentication code to lock out root login attempts from those hosts.

OPTIONS

       Name		 Arguments			     Description

       debug		 None				     Enable debug output to syslog.

       expose_account	 None				     Ignored

       no_warn		 None				     Disable warnings which are otherwise
							     output to syslog. try_first_pass
							     None Ignored

       use_first_pass	 None				     Ignored

       use_mapped_pass	 None				     Ignored

       config		 Path to the configuration file.     The configuration file contains
							     additional arguments. In order for
							     the pam_abl command line tool to
							     work correctly most of the
							     configuration should be placed in
							     the config file rather than being
							     provided by arguments. The format of
							     the config file is described below.

       host_db		 Path to host database file.	     Path to the Berkeley DB which is
							     used to log the host responsible for
							     failed authentication attempts.

       host_purge	 Purge time for the host database.   Defines how long failed hosts are
							     retained in the host database.
							     Defaults to 1 day.

       host_rule	 Rule for host blacklisting.	     The rule (see below for format)
							     which defines the conditions under
							     which a failed hosts will be
							     blackisted.

       host_blk_cmd	 Host block command		     Command that should be run when a
							     host is checked, and is currently
							     blocked. Within the command, the
							     strings %u, %h and %s are
							     substituted with username, host and
							     service. Not all need to be used. If
							     substitution is called for, but
							     there is no iformation for that
							     field, the command will not run.

       host_clr_cmd	 Host block command		     Command that should be run when a
							     host is checked, and is currently
							     clear. Within the command, the
							     strings %u, %h and %s are
							     substituted with username, host and
							     service. Not all need to be used. If
							     substitution is called for, but
							     there is no iformation for that
							     field, the command will not run.

       user_db		 Path to user database file.	     Path to the Berkeley DB which is
							     used to log the user responsible for
							     failed authentication attempts.

       user_purge	 Purge time for the user database.   Defines how long failed users are
							     retained in the user database.
							     Defaults to 1 day.

       user_rule	 Rule for user blacklisting.	     The rule (see below for format)
							     which defines the conditions under
							     which a failed users will be
							     blackisted.

       user_blk_cmd	 Host block command		     Command that should be run when a
							     user is checked, and is currently
							     blocked. Within the command, the
							     strings %u, %h and %s are
							     substituted with username, host and
							     service. Not all need to be used. If
							     substitution is called for, but
							     there is no iformation for that
							     field, the command will not run.

       user_clr_cmd	 Host block command		     Command that should be run when a
							     user is checked, and is currently
							     clear. Within the command, the
							     strings %u, %h and %s are
							     substituted with username, host and
							     service. Not all need to be used. If
							     substitution is called for, but
							     there is no iformation for that
							     field, the command will not run.

USAGE

       Typically pam_abl.so is added to the auth stack as a required module just before whatever modules actually peform authentication. Here's a
       fragment of the PAM config for a production server that is running pam_abl:

       auth required /lib/security/pam_env.so auth required /lib/security/pam_abl.so config=/etc/security/pam_abl.conf auth sufficient
       /lib/security/pam_unix.so likeauth nullok auth required /lib/security/pam_deny.so

       Although all of accepted arguments can be supplied here they will usually be placed in a separate config file and linked to using the
       config argument as in the above example. The pam_abl command line tool reads the external config file (/etc/security/pam_abl.conf in this
       case) to find the databases so in order for it work correctly an external config should be used.

EXAMPLES

	   auth required /lib/security/pam_env.so
	   auth required /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
	   auth sufficient /lib/security/pam_unix.so likeauth nullok
	   auth required /lib/security/pam_deny.so

SEE ALSO

       pam_abl.conf(5), pam_abl(1)

AUTHORS

       Andy Armstrong <andy@hexten.net>

       Chris Tasma <pam-abl@deksai.com>

GNU
								    01/13/2010								PAM_ABL(8)
All times are GMT -4. The time now is 05:49 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy