After creating the distfile on the master host, you can start rdist from the command line or from a cron file. rdist must be run as root on the master host. There are two forms of the rdist command syntax. One form is the following:
/usr/bin/rdist [-b] [-h] [-i] [-n] [-q] [-R] [-v] [-w]
[-y] [-d var=value] [-f distfile] [-m host] ... [label] |
-d var=value sets the value of the variable var to value. value can be an empty string, one name, or a list of
names separated by tabs and/or spaces and enclosed by a pair of
parentheses. The -d option is used to define variable definitions
in the distfile. However, if you specify the -d option for a variable that is already defined
in the distfile, the -d option has no effect (because the distfile overrides
the -d option).
-f distfile specifies distfile as the distfile to be used to update files and
directories. If the distfile is not specified, rdist looks in the current working directory for the
file distfile, then the file Distfile.
-m host limits the updates to host, which is one of the hosts previously identified
in the distfile. Multiple -m arguments may be specified.
label performs only the command entries specified by label in the distfile.
Other options are listed in Table 10-2 “rdist Command Line Options”.
The other form of the rdist command syntax is:
/usr/bin/rdist [-b] [-h] [-i] [-n] [-q] [-R] [-v] [-w]
[-y] -c pathname ... [login@]host[:destpath] |
-c pathname ... [login@]host[:destpath] updates file(s) in pathname on the remote host host. (The -c arguments are interpreted as a distfile.) login specifies the user name used to perform the update. destpath specifies the path name of the installed file
on the remote host.
Other options are listed in Table 10-2 “rdist Command Line Options”.
Table 10-2 rdist Command Line Options
-b | Performs
a binary comparison and updates files if they differ. Without this
option, rdist updates files only if the size or modification
time differs. |
-h | Follows
symbolic links on the master host and copies the file(s) that the
link points to. Without this option, rdist copies the name of a symbolic link. |
-i | Ignores
unresolved links. Without this option, rdist tries to maintain the link structure of the files
being copied and sends out warnings if any link cannot be found. |
-M | Checks
that mode, ownership, and group of updated files on the remote host
are the same as the master copy and updates the files if they differ.
This is done in addition to any other comparison that may be in
effect. |
-n | Prints rdist commands on standard output on the master host
without executing them. This option is useful for debugging a distfile. |
-q | Suppresses
printing of files being modified to standard output on the master
host. |
-R | Removes
files in the remote host's directory that do not exist
on the master directory. |
-v | Displays
the files that are out of date on the remote host but does not update
any files or send any mail. |
-w | Appends
the full path name (including directory subtree) to a destination
directory name. |
-y | Does not
update files on the remote host that are newer than the master copy. |
Example Output on the Master Host |
 |
This section shows an example of what is displayed on the
standard output on the master host when rdist is run. An example distfile is shown below:
HOSTS = (lassie benji )
FILES = ( myprog.c )
${FILES} -> ${HOSTS}
install;
special "cc";
notify bentley@tbear; |
rdist is started with no command line options. The display
on the standard output on the master host is shown below:
% /usr/bin/rdist
updating host lassie
installing: myprog.c
special "cc"
notify @lassie (bentley@tbear)
updating host benji
installing: myprog.c
special "cc"
notify @benji (bentley@tbear) |
Authentication for remsh and rexec Sercvices |
|
Pluggable Authenticaion Modules (PAM) for authentication is
supported on HP-UX. PAM support enables users who are not listed
in /etc/passwd file to use the rexecd and remshd service. It
also enbles you to use authentication methods other than the standard
UNIX authentication. DCE integrated login and Kerberos are authentication mechanisms
you can use in addition to standard UNIX authentication.
The rexecd and remshd services will use the authentication
mechanism specified in "OTHER" directive of the /etc/pam.conf file. To use other authentication methods, you
must edit the /etc/pam.conf file.
The Pluggable Authentication Module Configuration
File
The /etc/pam.conf file is the configuration file for the Pluggable Authentication
Module architecture (PAM). The pam.conf file contains a list of services. Each service
is paired with a corresponding service module. When a service is
requested, its associated module is invoked. Each entry in the /etc/pam.conf
file has the following format:
Service_name module_type control_flag module_path options. |
Refer to the pam.conf manpage for a detailed description of
each of the fields mentioned above.
Enabling Standard UNIX Authentication on rexecd and
remshd Services
To use the rexec and remsh services enabled with PAM, add
the following lines to the /etc/pam.conf file:
rcomds auth required /usr/lib/security/libpam_unix.1
rcomds account required /usr/lib/security/libpam_unix.1 |
The remshd and rexecd services will use the above entries
as configuration information for authenticating users. Adding the
lines above tell rexec and remsh to use the UNIX authentication
mechanism to authenticate the users.
For every service (like rexec and remsh), it is possible to
have more than one entry in the /etc/pam.conf file for each of the module types available. The module
types supported include:
account management (account)
session management (session)
password management (passwd)
Enabling DCE Integrated Logging Authentication
To enable DCE integrated logging authentication mechanism,
add the following line to the /etc/pam.conf file:
rcomds auth required /usr/lib/security/libpam_dce.1 |
Using remshd enabled with PAM in Secure Internet Services Environment
The rexec service is not kerberised and will not work in the
SIS environment. However, the remshd service is kerberised. To use
the PAM modules in the SIS environment, add the following line to
the /etc/pam.conf file.
rcomds auth required /usr/lib/security/libpam_dce.1 |
Also in the Kerberos environment, remshd has command line
options for combining UNIX method and Kerberos method of authentication.
A combination of both Kerberos and UNIX authentication is available. These
command line options can be set in the /etc/inetd.conf for the "kremshd"
service. Refer to the kremshd(1m) manpage for a more detailed description
of the options available.
