Using HP-UX Internet Services HP-UX 11i v2, HP-UX 11i v3 HP Part Number: B2355-91061 Published: February 2007 Edition: 2
Legal Notices © Copyright 2004–2007 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
About This Document This document describes how to use the HP-UX Internet Services products in the HP-UX 11i v2 and HP-UX 11i v3 operating systems. Intended Audience This manual is intended for system and network administrators responsible for configuring and maintaining the Internet Services software on the HP-UX 11i v2 or HP-UX 11i v3 operating system. Administrators are expected to have knowledge of operating system concepts, commands, and the various routing protocols.
Document Organization The Using HP-UX Internet Services document is organized as follows:
Chapter 1 Logging into a Host Using telnet
    Provides information about how to use the telnet program. It also explains the steps to verify the local terminal configuration settings, and the terminal settings on the remote host.
Chapter 2 Logging into a Host with rlogin
    Describes how to log into a remote HP-UX or UNIX host from a local host.
• HP-UX ramD Administrator’s Guide at: http://docs.hp.com/en/netcom.html#Routing • Request for Comments (RFC) at: http://www.ietf.org/rfc.html • Other Documents For detailed technical and conceptual information about BIND, as well as information about planning a BIND hierarchy and using Sendmail with BIND, HP recommends that you read Paul Albitz and Cricket Liu, 2001. DNS and BIND. O'Reilly and Associates, Inc.
{}          The contents are required in formats and command description. If the contents are a list separated by |, you must choose one of the items.
(Ctrl+A)    This symbol indicates that you hold down the first named key while pressing the key or mouse button that follows the plus.
Bold        The defined use of an important word or phrase.
...         The preceding element can be repeated an arbitrary number of times.
|           Separates items in a list of choices.
1 Logging into a Host Using telnet telnet is used to log into a remote HP-UX, UNIX, or non-UNIX host that supports the ARPA services. It allows you to enter and execute commands on the remote host similar to executing commands on the remote host’s console. This chapter contains information about how to log into a host using the telnet program.
In general,
• Remote line mode applications work properly over telnet or rlogin irrespective of your local terminal’s compatibility mode setting.
• Remote screen mode applications require that your local terminal and the remote host use the same commands to control cursor movements.
• Remote block mode applications do not work over telnet or rlogin and are not supported.
For more information, see the terminal documentation for the hosts with which you work.
are using the Secure Internet Services version of telnet, you will not be prompted for a login name or password. After you log into the remote host, telnet is in input state. When telnet is in input state, you can use the remote host as if your terminal or workstation is physically connected to that host. If certain keystrokes do not function as expected, or if your display is incorrect, see “Checking Your Remote Terminal Configuration” (page 14).
If you notice that certain keystrokes do not function as expected, see “Checking Your Remote Terminal Configuration” (page 14).
Changing the Behavior of Carriage Returns You may sometimes notice a change in the way your local host interprets a carriage return received from a remote host. This indicates that telnet’s carriage return mode setting is wrong for the type of remote host to which you are connected. In such cases, your local host must change the carriage return setting appropriately.
A list of all the telnet commands is displayed. NOTE: If you are connected to a remote host and wish to redisplay its prompt, press Return twice. Getting Information about a Specific telnet Command To obtain information about a specific telnet command, perform the following steps:
1. If you are not at the telnet> prompt, enter the telnet escape character (usually CTRL-]) to display the prompt.
2 Logging into a Host with rlogin rlogin is used to log into a remote HP-UX or UNIX host from your local host. It allows you to work on the remote host similar to executing commands on the remote host’s console. For more information, type man 1 rlogin at the HP-UX prompt. Using rlogin If you have an account on a remote host, you can use rlogin to log into the remote host. The following steps describe how to log into a remote host: 1. 2.
To create a $HOME/.rhosts file on the remote host, perform the following steps:
1. If you do not know where your home directory is on the remote host, log into the remote host and issue the following command:
   echo $HOME
2. Create a file called .rhosts in your home directory on the remote host, if it does not already exist, and add the following line to it:
   your_local_host's_name your_local_login_name
3. Issue the following command to ensure that you are the owner of the remote .rhosts file:
   ls -l .
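A check for the file created in these steps, as an added example that is not part of the HP manual: the shell function below verifies ownership, flags group or other write permission, and reports entries that are not a single host and login name pair or that use the + wildcard. The function name, the write-permission check, and the sample entries are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the HP manual): audit a .rhosts file.
# Usage: audit_rhosts FILE [EXPECTED_UID]
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 on error.
audit_rhosts() {
    file=$1
    want_uid=${2:-$(id -u)}   # assumption: run by the account that owns the file
    findings=0
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "ERROR: $file is missing or not a regular file"
        return 2
    fi
    # ls -ln: field 1 is the mode string, field 3 the numeric owner.
    set -- $(ls -ln "$file")
    mode=$1
    owner=$3
    if [ "$owner" != "$want_uid" ]; then
        echo "OWNER: uid $owner owns $file, expected uid $want_uid"
        findings=$((findings + 1))
    fi
    # Characters 6 and 9 of the mode string are the group and other write bits.
    case $mode in
        ?????w*|????????w*)
            echo "MODE: $mode lets group or others edit the trust list"
            findings=$((findings + 1)) ;;
    esac
    lineno=0
    while read -r host user extra || [ -n "$host" ]; do
        lineno=$((lineno + 1))
        [ -z "$host" ] && continue            # skip blank lines
        if [ "$host" = "+" ] || [ "$user" = "+" ]; then
            echo "ENTRY $lineno: '+' wildcard matches any host or user"
            findings=$((findings + 1))
        elif [ -z "$user" ] || [ -n "$extra" ]; then
            echo "ENTRY $lineno: expected exactly 'host login_name'"
            findings=$((findings + 1))
        fi
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample: one valid entry, one wildcard entry, one host-only line.
sample=$(mktemp)
printf 'hosta alice\n+ +\nhostb\n' > "$sample"
audit_rhosts "$sample" || echo "findings reported for the constructed sample"
rm -f "$sample"
```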
3 Transferring Files with ftp With ftp, you can transfer files among HP-UX, UNIX, and non-UNIX network hosts that support ARPA services. For more information, type man 1 ftp at the HP-UX prompt. Using ftp The following steps describe how to transfer files between the local and remote host using the ftp program: 1. Issue the following command to establish a connection with the remote host: ftp remote_host_name or ftp remote_IP_address 2. 3. Type your user name when prompted for by the remote host.
The put command transfers a file from the local host to the remote host. The get command transfers a file from the remote host to the local host. If you do not specify a destination_filename, the file is copied with the original name. 7. To exit from ftp and return to the HP-UX prompt on your local host, type quit at the ftp> prompt. Setting Up Automatic Remote Login for ftp If you have an account on a remote host, you can create a .
4 Transferring Files with rcp The rcp command allows you to copy files between HP-UX or UNIX hosts. You can also copy the contents of an entire directory, including the contents of all its subdirectories, using the rcp command. From your local host, you can also copy files between two remote hosts.
This example copies all files whose names begin with memo and all files whose names end with mail from the user’s local home directory to the directory june_mail in the user’s home directory on host sage. NOTE: Any output generated by commands in a .login, .profile, or .cshrc file on the remote host can cause rcp errors. IMPORTANT: Do not attempt to copy a file over itself, as in the following example: rcp /home/cheryl/.profile /home/cheryl/.profile This can corrupt the file’s contents.
5 Distributing Files Using rdist This chapter contains information about how to use rdist, a program that distributes and maintains identical copies of files across multiple network hosts. You can use rdist to install new or updated software on all the machines in a network.
remote host and must be allowed remote command execution. (The working directory on the remote host is the user’s home directory.) You can also specify a user name on a remote host for rdist that has the appropriate permissions for accessing files on the remote host. For more information, see “Creating the distfile” (page 26).
PAM Configuration File The /etc/pam.conf file is the configuration file for the PAM architecture. The /etc/pam.conf file contains a list of services and each service is paired with a corresponding service module. When a service is requested, its associated module is invoked. Each entry in the /etc/pam.conf file has the following format:
    service_name module_type control_flag module_path options
where,
    service_name    This option refers to a service.
    module_type     This option indicates the service module type.
    rcomds  auth     required  /usr/lib/security/libpam_unix.1
    rcomds  account  required  /usr/lib/security/libpam_unix.1
The remshd and rexecd services use these entries as configuration information for authenticating users. Adding these entries to the /etc/pam.conf file directs rexec and remsh to use the UNIX authentication mechanism to authenticate the users. A service (such as rexec or remsh) can have more than one entry in the /etc/pam.conf file for each of the module types available.
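One way to confirm that a service has the entries described above, as an added example that is not part of the HP manual: the function prints the module type, control flag and module path of every entry for one service and fails if the auth or account entry is absent. The function name and the sample file are assumptions; the check looks only at entries that name the service itself.

```shell
#!/bin/sh
# Added example (not from the HP manual): show the pam.conf entries for one
# service and confirm that both an auth and an account entry are present.
# Usage: pam_stack CONF SERVICE ; returns 0 if both are present, 1 otherwise.
pam_stack() {
    awk -v svc="$2" '
        BEGIN { bad = 0 }
        /^[ \t]*#/ || NF == 0 { next }        # comment or blank line
        $1 != svc { next }                    # entry for another service
        NF < 4 {                              # needs type, flag and module path
            printf "line %d: incomplete entry\n", NR; bad = 1; next
        }
        {
            printf "%-8s %-10s %s\n", $2, $3, $4
            seen[$2] = 1
        }
        END {
            if (!("auth" in seen))    { print "MISSING: auth entry for " svc;    bad = 1 }
            if (!("account" in seen)) { print "MISSING: account entry for " svc; bad = 1 }
            exit bad
        }' "$1"
}

# Constructed sample in the format the manual gives:
# service_name module_type control_flag module_path options
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed pam.conf fragment
rcomds   auth     required  /usr/lib/security/libpam_unix.1
rcomds   account  required  /usr/lib/security/libpam_unix.1
login    auth     required  /usr/lib/security/libpam_unix.1
EOF
pam_stack "$sample" rcomds
rm -f "$sample"
```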
A distfile contains entries of the following types:
• Definitions of variables that are used with distfile commands.
• Commands that distribute files to other hosts.
• Commands to create lists of files that have changed since a specified date.
Each of these types of entries is described in the following sections. Variable Definitions You can use variables to represent a list of items, such as the names of files to be distributed or the remote hosts to be updated.
directories on that host. Otherwise, the user name on the master host is used to update the remote host.
• The second entry defines the variable FILES to represent the files and directories to be updated on the remote hosts. The shell meta characters {, }, and * in the second line of this entry are used in the shorthand form that represents the files /usr/include/*.h, /usr/include/stand/*.h, /usr/include/sys/*.h, /usr/include/vax*/*.h and so on. The * character is used as a wildcard.
Table 5-1 The distfile Commands
Command Name    Description
install         Copies source files or directories to each host in the destination list. You can specify any of the following options:
                -b    Performs a binary comparison of the file and updates them if they differ. Without this option, rdist updates files only if the size or modification time differs.
                -h    Allows symbolic links on the master host and copies the files that the link points to. Without this option, rdist copies the name of a symbolic link.
directory is removed on the remote host if the corresponding directory does not exist on the master host. For a detailed description of commands and their options, type man 1 rdist at the HP-UX prompt. The following file distribution commands use the variable definitions discussed previously:
• ${FILES} -> ${HOSTS}
      install -R ;
      except /usr/lib/${EXLIB} ;
      except /usr/games/lib ;
  This command distributes the source files defined in the variable FILES to the destination hosts defined in the variable HOSTS.
You can use the notify command to send the list of changed files to a specific user. The following is an example entry with the notify command: ${FILES} :: stamp.cory notify root@cory ; In this example, the list of files that are newer than the timestamp in stamp.cory is mailed to the user root@cory. With the notify command, if an @ symbol appears in the user name, the default value is the remote host name.
Table 5-2 rdist Command-Line Options
Option Name    Description
-b             Performs a binary comparison and updates files if they differ. Without this option, rdist updates files only if the size or modification time differs.
-h             Follows symbolic links on the master host and copies the files that the link points to. Without this option, rdist copies the name of a symbolic link.
-i             Ignores unresolved links.
install; special "cc"; notify bentley@tbear; Troubleshooting rdist The errors, warnings, and other messages encountered while using rdist are displayed on the standard output of the master host. You can use the notify command to mail a list of the updated files and errors that may have occurred to the specified users on the remote host being updated. To mail the list to a user that is not on the remote host, ensure that you specify the mail recipient as user@host.
6 Executing Commands with remsh remsh allows you to execute commands on a remote HP-UX or UNIX host. remsh is similar to the rsh command in 4.2 BSD and later versions. Enabling remsh Before you can use remsh to execute commands on a remote host, you must configure the remote host using one of the following methods:
• You must have an account on the remote host with the same login name as your local login name, and the name of your local host must be in the remote host’s /etc/hosts.equiv file.
• remsh basil find /project -name status.july -print This command uses the find command to look for the file status.july in the project directory on remote host basil. • remsh sage cd /home/sage/mike ;echo Hi, Mike! ">" hi_mike In this command, a user on the local system uses remsh to create a file called hi_mike in the user Mike’s home directory on the remote host sage.
7 Listing Hosts with ruptime ruptime lists status information about HP-UX or UNIX hosts on the local area network. This information is useful in identifying the network hosts that you can use, and how responsive each host is likely to be over the network. Using ruptime For each network host, ruptime displays a status line in the following format: hostname up|down days+hours:minutes n users load n.nn, n.nn, n.
hpabcb    down      1:13
hpabcc      up   1+17:40,   6 users,  load 0.18, 0.13, 0.09
hpabcd      up  14+06:49,   3 users,  load 0.10, 0.38, 0.49
The following example lists hosts sorted by increasing load average; however, idle users are not included:
ruptime -r -l
hpabca    down  14+08:34
hpabcb    down      1:13
hpabcd      up  14+06:49,   3 users,  load 0.10, 0.38, 0.49
hpabcc      up   1+17:40,   4 users,  load 0.18, 0.13, 0.
8 Listing Users with rwho rwho lists information about HP-UX or UNIX hosts on the local area network. This information is useful in identifying who is logged into the hosts on the network and who is likely to be at their terminal or workstation. Using rwho For each user logged into a network host, rwho displays an information line in the following format:
user host.line month day hours:minutes hours:minutes
user    Specifies the user’s login name.
acb     hpabcd:ttyp3     Jun 2 08:32    :19
bjt     hpabcf:tty3p3    Jun 2 09:35           <--Active
chas    hpabcd:tty3p3    Jun 2 07:47    :27
cjc     hpabcd:tty1p2    Jun 2 07:55           <--Active
dae     hpabcf:ttyp2     Jun 2 08:28    :57
The following example lists all users logged into network hosts, including those that have been idle for more than an hour:
rwho -a
acb     hpabcd:ttyp3     Jun
bjt     hpabcf:tty3p3    Jun
chas    hpabcd:tty3p3    Jun
cjc     hpabcd:tty1p2    Jun
dae     hpabcf:ttyp2     Jun
gen     hpabcd:ttyp4     Ju
kg      hpabcd:ttyp0
scb     hpabce:tty3p1
9 Secure Internet Services Secure Internet Services (SIS) is an optionally enabled mechanism that incorporates Kerberos V5 authentication and authorization for remote access services: ftp, rcp, remsh, rlogin, and telnet. Beginning with HP-UX 11.0, the product was replaced by the SIS mechanism (InternetSvcSec), which incorporates Kerberos V5 Release 1.0 authentication for the remote access services.
System administrators can enforce Kerberos authentication to a service on a particular host. If Kerberos authentication is enforced to a service on a host running the SIS daemons, the host can neither access a secure client using the -P option nor access a non-secure client.