![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to rexecd.8 CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDTahoe / man / man8|
Return to rexecd.8 CVS log | Up to [CSRG BSD Unix] / 43BSDTahoe / man / man8 |
1.1 root 1: .\" Copyright (c) 1983 Regents of the University of California.
2: .\" All rights reserved. The Berkeley software License Agreement
3: .\" specifies the terms and conditions for redistribution.
4: .\"
5: .\" @(#)rexecd.8c 6.2 (Berkeley) 5/9/86
6: .\"
7: .TH REXECD 8C "May 9, 1986"
8: .UC 5
9: .SH NAME
10: rexecd \- remote execution server
11: .SH SYNOPSIS
12: .B /etc/rexecd
13: .SH DESCRIPTION
14: .I Rexecd
15: is the server for the
16: .IR rexec (3X)
17: routine. The server provides remote execution facilities
18: with authentication based on user names and
19: passwords.
20: .PP
21: .I Rexecd
22: listens for service requests at the port indicated in
23: the ``exec'' service specification; see
24: .IR services (5).
25: When a service request is received the following protocol
26: is initiated:
27: .IP 1)
28: The server reads characters from the socket up
29: to a null (`\e0') byte. The resultant string is
30: interpreted as an ASCII number, base 10.
31: .IP 2)
32: If the number received in step 1 is non-zero,
33: it is interpreted as the port number of a secondary
34: stream to be used for the
35: .BR stderr .
36: A second connection is then created to the specified
37: port on the client's machine.
38: .IP 3)
39: A null terminated user name of at most 16 characters
40: is retrieved on the initial socket.
41: .IP 4)
42: A null terminated, unencrypted password of at most
43: 16 characters is retrieved on the initial socket.
44: .IP 5)
45: A null terminated command to be passed to a
46: shell is retrieved on the initial socket. The length of
47: the command is limited by the upper bound on the size of
48: the system's argument list.
49: .IP 6)
50: .I Rexecd
51: then validates the user as is done at login time
52: and, if the authentication was successful, changes
53: to the user's home directory, and establishes the user
54: and group protections of the user.
55: If any of these steps fail the connection is
56: aborted with a diagnostic message returned.
57: .IP 7)
58: A null byte is returned on the initial socket
59: and the command line is passed to the normal login
60: shell of the user. The
61: shell inherits the network connections established
62: by
63: .IR rexecd .
64: .SH DIAGNOSTICS
65: Except for the last one listed below,
66: all diagnostic messages are returned on the initial socket,
67: after which any network connections are closed.
68: An error is indicated by a leading byte with a value of
69: 1 (0 is returned in step 7 above upon successful completion
70: of all the steps prior to the command execution).
71: .PP
72: .B ``username too long''
73: .br
74: The name is
75: longer than 16 characters.
76: .PP
77: .B ``password too long''
78: .br
79: The password is longer than 16 characters.
80: .PP
81: .B ``command too long ''
82: .br
83: The command line passed exceeds the size of the argument
84: list (as configured into the system).
85: .PP
86: .B ``Login incorrect.''
87: .br
88: No password file entry for the user name existed.
89: .PP
90: .B ``Password incorrect.''
91: .br
92: The wrong was password supplied.
93: .PP
94: .B ``No remote directory.''
95: .br
96: The
97: .I chdir
98: command to the home directory failed.
99: .PP
100: .B ``Try again.''
101: .br
102: A
103: .I fork
104: by the server failed.
105: .PP
106: .B ``<shellname>: ...''
107: .br
108: The user's login shell could not be started.
109: This message is returned
110: on the connection associated with the
111: .BR stderr ,
112: and is not preceded by a flag byte.
113: .SH SEE ALSO
114: rexec(3X)
115: .SH BUGS
116: Indicating ``Login incorrect'' as opposed to ``Password incorrect''
117: is a security breach which allows people to probe a system for users
118: with null passwords.
119: .PP
120: A facility to allow all data and password exchanges to be encrypted should be
121: present.
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.