Rexec means remote execution client for an exec server, it calls the rexec routine to act as a client for the remote host rexecd server. Quite often, like rsh and rlogin, is blamed for its security. However, you need it for some particular taskm, here is the example for quick setup, I'm using SL6 for test, other linux distribution should be same.

 

Suppose host A is the one you want to config rexec server(allow B to rexec), while host B is the client host to run rexec.

Step 1: install packages

There are two packages need to be installed first, for SL6, they are in sl repo.

rsh.x86_64 
rsh-server.x86_64

Step 2: Enable rexec service in xinted

change /etc/xinetd.d/rexec, red color shows the changed value, default is yes.
service shell
{
    socket_type        = stream
    wait            = no
    user            = root
    log_on_success        += USERID
    log_on_failure         += USERID
    server            = /usr/sbin/in.rshd
    disable            = no
}

More xinetd is described in xinetd and tcp wrapper

Step 3: Add rexec services to /etc/securetty

#cat /etc/securetty | grep rexec
rexec

Step 4: enable host and service connection

Add the line below to /etc/hosts.allow

in.rexecd     :  <host B>

or, you can add a wild card like this

ALL         : <host B>

Step 5: enable account access

Add the following line to ~host/.rhosts of the account you want to open rexec

<host B>   +

Restart xinetd service, then you are done.

 

Further checks if still now work

 

6) Check if you server is able to convert client IP address to hostname.

check DNS or /etc/hosts

7) Check your /etc/pam.d/rexec

for example module "pam_nologin.so" can disable login if the file /etc/nologin exists. For more details read /usr/share/doc/pam-0.77/txts/README.pam_nologin

8) Never change /etc/pam.d/rexec to use something other than:

        auth       required     pam_rhosts_auth.so 

The client-server "rexec" protocol is not designed for other authentication than by .rhost files. For example pam_stack.so in section "auth" can corrupt the client/server connection if the "login" program sends password prompt to client. If you need authentication by password use "rlogin" or "ssh".