NAME    [Toc]    [Back]

       rexecd - The remote execution server

SYNOPSIS    [Toc]    [Back]

       rexecd [-s]

OPTIONS    [Toc]    [Back]

       Causes  rexecd  to  check  for  the  ptys  keyword  in the
       /etc/securettys file and to deny execution of the  request
       if it is from root and on a pseudoterminal.

DESCRIPTION    [Toc]    [Back]

       The  rexecd daemon is the server for the rexec(3) routine.
       The  server  provides  remote  execution  facilities  with
       authentication based on usernames and passwords.

       The rexecd daemon listens for service requests at the port
       indicated in the  exec  service  specification;  see  services(4).  When a service request is received, the following
 protocol is initiated:  The  server  reads  characters
       from  the  socket up to a null (`\0') byte.  The resultant
       string is interpreted as an ASCII number, base 10.  If the
       number received in step 1 is nonzero, it is interpreted as
       the port number of a secondary stream to be used  for  the
       stderr.  A second connection is then created to the specified
 port on  the  client's  machine.   A  null-terminated
       username  of  at most 16 bytes is retrieved on the initial
       socket.  A null-terminated,  unencrypted  password  of  at
       most 80 bytes is retrieved on the initial socket.  A nullterminated
 command to be passed to a shell is retrieved on
       the  initial socket.  The length of the command is limited
       by the upper bound on the size of  the  system's  argument
       list.   The  rexecd  server  then validates the user as is
       done at login time and, if started  with  the  -s  option,
       verifies  that  the  /etc/securettys  file is not setup to
       deny the user.  If the authentication was successful, rexecd
  changes to the user's home directory, and establishes
       the user and group protections for the  user.  If  any  of
       these  steps  fail, the connection is aborted with a diagnostic
 message returned.  A null byte is returned  on  the
       initial  socket and the command line is passed to the normal
 login shell of the user.  The shell inherits the  network
 connections established by rexecd.

DIAGNOSTICS    [Toc]    [Back]

       Except  for  the last diagnostic message listed, all diagnostic
 messages are returned on the initial socket,  after
       which  any  network  connections  are  closed. An error is
       indicated by a leading byte  with  a  value  of  1  (0  is
       returned in step 7 above upon successful completion of all
       the steps prior to the command execution).   The  name  is
       longer  than  16  bytes.   The  password is longer than 80
       bytes.  The command line passed exceeds the  size  of  the
       argument  list  (as configured into the system).  No password
 file entry for the username existed.  The wrong password
  was  supplied.  The chdir command to the home directory
 failed.  A fork by the  server  failed.   The  user's
       login shell could not be started. This message is returned
       on the connection associated with stderr and is  not  preceded
 by a option byte.

CAUTIONS    [Toc]    [Back]

       Indicating  Login  incorrect as opposed to Password incorrect
 is a security breach that allows people  to  probe  a
       system for users with null passwords.

FILES    [Toc]    [Back]

       Specifies the command path

SEE ALSO    [Toc]    [Back]

       Functions: rexec(3)

       Files: securettys(4)



                                                        rexecd(8)