Manual: (OSF1-V5.1-alpha)

rexecd(8)                                                            rexecd(8)



NAME

  rexecd - The remote execution server

SYNOPSIS

  rexecd [-s]

OPTIONS

  -s  Causes rexecd to check for the ptys keyword in the /etc/securettys file
      and to deny execution of the request if it is from root and on a
      pseudoterminal.

DESCRIPTION

  The rexecd daemon is the server for the rexec(3) routine.  The server
  provides remote execution facilities with authentication based on usernames
  and passwords.

  The rexecd daemon listens for service requests at the port indicated in the
  exec service specification; see services(4).  When a service request is
  received, the following protocol is initiated:

   1.  The server reads characters from the socket up to a null (`\0') byte.
       The resultant string is interpreted as an ASCII number, base 10.

   2.  If the number received in step 1 is nonzero, it is interpreted as the
       port number of a secondary stream to be used for the stderr. A second
       connection is then created to the specified port on the client's
       machine.

   3.  A null-terminated username of at most 16 bytes is retrieved on the
       initial socket.

   4.  A null-terminated, unencrypted password of at most 80 bytes is
       retrieved on the initial socket.

   5.  A null-terminated command to be passed to a shell is retrieved on the
       initial socket.  The length of the command is limited by the upper
       bound on the size of the system's argument list.

   6.  The rexecd server then validates the user as is done at login time
       and, if started with the -s option, verifies that the /etc/securettys
       file is not set up to deny the user.  If the authentication was
       successful, rexecd changes to the user's home directory, and establishes
       the user and group protections for the user. If any of these steps
       fails, the connection is aborted with a diagnostic message returned.

   7.  A null byte is returned on the initial socket and the command line is
       passed to the normal login shell of the user.  The shell inherits the
       network connections established by rexecd.
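
  The request layout of steps 1-5 and the length diagnostics listed under
  DIAGNOSTICS, as a parser for a captured client byte stream. This is an added
  example, not rexecd source code; the function names, the sample bytes, the
  port and command limits, and counting the 16- and 80-byte limits without the
  terminating null are assumptions.

```python
# Limits from steps 3-4, counted without the terminating null (assumption).
MAX_USER, MAX_PASS = 16, 80
MAX_PORT_DIGITS = 5   # assumption: 65535 is the largest port number
MAX_CMD = 4096        # assumption: stand-in for the argument-list bound

# Constructed sample of a client's opening bytes, not a real capture.
SAMPLE = b"1023\0alice\0s3cret\0uname -a\0"


class Rejected(Exception):
    """Length check failed; str(exc) is the diagnostic the server returns."""


def take_field(buf, pos, limit, diagnostic):
    """Read one null-terminated field at pos; return (field, next_pos)."""
    end = buf.find(b"\0", pos, pos + limit + 1)
    if end == -1:
        if len(buf) - pos > limit:
            raise Rejected(diagnostic)
        raise ValueError("stream ends before the field's null terminator")
    return buf[pos:end], end + 1


def parse_request(buf):
    """Decode steps 1-5: stderr port, username, password, command."""
    end = buf.find(b"\0", 0, MAX_PORT_DIGITS + 1)
    if end == -1 or not buf[:end].isdigit():
        raise ValueError("malformed stderr port field")
    user, pos = take_field(buf, end + 1, MAX_USER, "Username too long.")
    password, pos = take_field(buf, pos, MAX_PASS, "Password too long.")
    command, _ = take_field(buf, pos, MAX_CMD, "Command too long.")
    return {
        "stderr_port": int(buf[:end]),   # 0 means no secondary stream (step 2)
        "user": user.decode("latin-1"),
        "password": password.decode("latin-1"),  # readable as sent: unencrypted
        "command": command.decode("latin-1"),
    }


def length_check_reply(buf):
    """Status bytes for the length checks only; authentication is not modelled."""
    try:
        parse_request(buf)
    except Rejected as exc:
        return b"\x01" + str(exc).encode("ascii")  # leading 1 marks an error
    return b"\x00"  # the null byte of step 7
```

  Running parse_request(SAMPLE) returns the password field exactly as the
  client typed it, which is what anyone able to capture the connection sees.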


DIAGNOSTICS

  Except for the last diagnostic message listed, all diagnostic messages are
  returned on the initial socket, after which any network connections are
  closed. An error is indicated by a leading byte with a value of 1 (0 is
  returned in step 7 above upon successful completion of all the steps prior
  to the command execution).

  Username too long.
      The name is longer than 16 bytes.

  Password too long.
      The password is longer than 80 bytes.

  Command too long.
      The command line passed exceeds the size of the argument list (as
      configured into the system).

  Login incorrect.
      No password file entry for the username existed.

  Password incorrect.
      The wrong password was supplied.

  No remote directory.
      The chdir command to the home directory failed.

  Try again.
      A fork by the server failed.

  shellname: ...
      The user's login shell could not be started. This message is returned
      on the connection associated with stderr and is not preceded by an
      option byte.

CAUTIONS

  Indicating Login incorrect as opposed to Password incorrect is a security
  breach that allows people to probe a system for users with null passwords.

FILES

  /usr/sbin/rexecd
      Specifies the command path

SEE ALSO

  Functions: rexec(3)

  Files: securettys(4)