rexecd(ADMN)
rexecd --
remote execution server
Syntax
/etc/rexecd [ -r ]
Description
rexecd is the server for the
rexec(SLIB)
routine. The server provides remote execution facilities
with authentication based on user names and passwords.
rexecd listens for service requests at the port
indicated in the ``exec'' service specification; see
services(SFF).
When a service request is received, the following protocol
is initiated:
-
The server reads characters from the socket up to a null
(\0) byte. The resultant string is interpreted as an
ASCII number, base 10.
-
If the number received in step 1 is non-zero, it is
interpreted as the port number of a secondary stream to be
used for the stderr. A second connection is then
created to the specified port on the client's machine.
-
A null-terminated user name of at most 16 characters is
retrieved on the initial socket.
-
A null-terminated, unencrypted password of at most 16
characters is retrieved on the initial socket.
-
A null-terminated command to be passed to a shell is
retrieved on the initial socket. The length of the command
is limited by the upper bound on the size of the system's
argument list.
-
rexecd then validates the user as is done at
login time and, if the authentication was successful,
changes to the user's home directory, and establishes the
user and group protections of the user. If any of these
steps fail, the connection is aborted with a diagnostic
message returned.
-
A null byte is returned on the initial socket and the
command line is passed to the normal login shell of the
user. The shell inherits the network connections
established by rexecd.
rexecd is started by the ``super server''
inetd and, therefore, must have an entry in
inetd's configuration file,
/etc/inetd.conf.
The -r option prevents root users from
logging in to rexecd.
Diagnostics
Except for the last one listed below, all diagnostic
messages are returned on the initial socket, after which
any network connections are closed. An error is indicated
by a leading byte with a value of 1 (0 is returned in step
7 above upon successful completion of all the steps prior
to the command execution).
username too long-
The name is longer than 16 characters.
password too long-
The password is longer than 16 characters.
command too long-
The command line passed exceeds the size of the argument
list (as configured into the system).
Login incorrect-
One of the following conditions was detected:
-
No password file entry for the user name exists.
-
The -r option to rexecd is used and the
user is root.
-
The wrong password was supplied.
-
The chdir command to the home directory failed.
-
The rexecd command syntax in inetd.conf is
incorrect. In this event, an error message is written to the
system log.
Try again-
A fork by the server failed.
<shellname>:...-
The user's login shell could not be started.
This message is returned
on the connection associated with the stderr
and is not preceded by a flag byte.
Limitations
A facility to allow all data and password exchanges to be
encrypted should be present.
See also
rexec(SLIB),
inetd(ADMN),
inetd.conf(SFF),
services(SFF)
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003