.\" Copyright (c) 1983 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms are permitted
.\" provided that the above copyright notice and this paragraph are
.\" duplicated in all such forms and that any documentation,
.\" advertising materials, and other materials related to such
.\" distribution and use acknowledge that the software was developed
.\" by the University of California, Berkeley. The name of the
.\" University may not be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.\" @(#)rexecd.8 6.3 (Berkeley) %G%
.\"
.TH REXECD 8 ""
.UC 5
.SH NAME
rexecd \- remote execution server
.SH SYNOPSIS
.B /etc/rexecd
.SH DESCRIPTION
.I Rexecd
is the server for the
.IR rexec (3)
routine. The server provides remote execution facilities
with authentication based on user names and
passwords.
.PP
.I Rexecd
listens for service requests at the port indicated in
the ``exec'' service specification; see
.IR services (5).
When a service request is received the following protocol
is initiated:
.IP 1)
The server reads characters from the socket up
to a null (`\e0') byte. The resultant string is
interpreted as an ASCII number, base 10.
.IP 2)
If the number received in step 1 is non-zero,
it is interpreted as the port number of a secondary
stream to be used for the
.BR stderr .
A second connection is then created to the specified
port on the client's machine.
.IP 3)
A null terminated user name of at most 16 characters
is retrieved on the initial socket.
.IP 4)
A null terminated, unencrypted password of at most
16 characters is retrieved on the initial socket.
.IP 5)
A null terminated command to be passed to a
shell is retrieved on the initial socket. The length of
the command is limited by the upper bound on the size of
the system's argument list.
.IP 6)
.I Rexecd
then validates the user as is done at login time
and, if the authentication was successful, changes
to the user's home directory, and establishes the user
and group protections of the user.
If any of these steps fails the connection is
aborted with a diagnostic message returned.
.IP 7)
A null byte is returned on the initial socket
and the command line is passed to the normal login
shell of the user. The
shell inherits the network connections established
by
.IR rexecd .
.SH DIAGNOSTICS
Except for the last one listed below,
all diagnostic messages are returned on the initial socket,
after which any network connections are closed.
An error is indicated by a leading byte with a value of
1 (0 is returned in step 7 above upon successful completion
of all the steps prior to the command execution).
.PP
.B ``username too long''
.br
The name is
longer than 16 characters.
.PP
.B ``password too long''
.br
The password is longer than 16 characters.
.PP
.B ``command too long''
.br
The command line passed exceeds the size of the argument
list (as configured into the system).
.PP
.B ``Login incorrect.''
.br
No password file entry for the user name existed.
.PP
.B ``Password incorrect.''
.br
The wrong password was supplied.
.PP
.B ``No remote directory.''
.br
The
.I chdir
command to the home directory failed.
.PP
.B ``Try again.''
.br
A
.I fork
by the server failed.
.PP
.B ``<shellname>: ...''
.br
The user's login shell could not be started.
This message is returned
on the connection associated with the
.BR stderr ,
and is not preceded by a flag byte.
.SH SEE ALSO
rexec(3)
.SH BUGS
Indicating ``Login incorrect'' as opposed to ``Password incorrect''
is a security breach which allows people to probe a system for users
with null passwords.
.PP
A facility to allow all data and password exchanges to be encrypted should be
present.
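The request framing in steps 1 to 5 and the reply flag byte from DIAGNOSTICS, as an added example for reviewing captured traffic; it is not part of the original manual page or of the rexecd source. The function names, the sample bytes, the 5-digit port bound and the treatment of an empty port string as 0 are assumptions of this example.

```python
from collections import Counter

MAX_CRED = 16  # limit on user name and password from steps 3 and 4

class RexecParseError(ValueError):
    """Raised when a captured request violates the framing described above."""

def _field(buf, pos, limit, what):
    """Return (text, next_pos) for the null-terminated field starting at pos."""
    end = buf.find(b"\x00", pos)
    if end < 0:
        raise RexecParseError(what + " not terminated")
    if limit is not None and end - pos > limit:
        raise RexecParseError(what + " too long")
    return buf[pos:end].decode("ascii", "replace"), end + 1

def parse_request(buf):
    """Parse steps 1-5 (port, user, password, command) from captured bytes."""
    port_s, pos = _field(buf, 0, 5, "port")
    if port_s and not port_s.isdigit():
        raise RexecParseError("port is not a base 10 number")
    port = int(port_s) if port_s else 0  # assumption: empty string means 0
    if port > 65535:
        raise RexecParseError("port out of range")
    user, pos = _field(buf, pos, MAX_CRED, "username")
    password, pos = _field(buf, pos, MAX_CRED, "password")
    command, pos = _field(buf, pos, None, "command")
    # Record only the password length: the value crossed the wire unencrypted.
    return {"stderr_port": port, "user": user,
            "password_len": len(password), "command": command}

def parse_reply(buf):
    """Classify the server's reply: leading 0 is success, leading 1 an error."""
    if buf[:1] == b"\x00":
        return ("accepted", "")
    if buf[:1] == b"\x01":
        return ("error", buf[1:].decode("ascii", "replace").strip())
    return ("unknown", "")

# The two replies the BUGS section says disclose whether an account exists.
DISCLOSES = {"Login incorrect.": "no such user", "Password incorrect.": "user exists"}

def disclosures(replies):
    """Count what a series of captured replies reveals about account existence."""
    seen = Counter(DISCLOSES[m] for s, m in map(parse_reply, replies)
                   if s == "error" and m in DISCLOSES)
    return dict(seen)

# Constructed sample capture, not taken from a real session.
SAMPLE_REQUEST = b"0\x00alice\x00s3cret\x00uname -a\x00"
```

Because every field is readable in the capture, the parser keeps only the password length; a server that returned one message for both failed-login cases would leave `disclosures` empty.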