rexecd(1M) rexecd(1M)NAME rexecd - remote execution server SYNOPSIS /usr/etc/in.rexecd host.port DESCRIPTION rexecd is the server for the rexec(3N) routine. The server provides remote execution facilities with authentication based on user names and encrypted passwords. rexecd listens for service requests at the port indicated in the exec service specification; see services(4N). When it receives a service request, it initiates the following pro- tocol: 1. The server reads characters from the socket up to a null (``\0'') byte. It interprets the resultant string as an ASCII number, base 10. 2. If rexecd receives a number (in step 1) which is non- zero, it interprets it as the port number of a secondary stream to use for the stderr. It then creates a second connection to the specified port on the client's machine. The client's host address (in hex) and port number (in decimal) are the arguments passed to rexecd. 3. rexecd retrieves a null-terminated user name up to 16 characters long on the initial socket. 4. rexecd retrieves a null-terminated, encrypted, password up to 16 characters long on the initial socket. 5. rexecd retrieves a null-terminated command on the initial socket to pass to a shell. The command length is limited by the size of the system's argument list. 6. rexecd validates the user as is done at login time. If the user is authenticated, it changes to the user's home directory, and establishes user and group protections. If any of these steps fail, rexecd aborts the connection aborted and returns a diagnostic message. 7. rexecd returns a null byte on the connection associated with the stderr and passes the command line to the normal login shell of the user. The shell inherits the network connections established by rexecd. DIAGNOSTICS rexecd returns all diagnostic messages on the connection as- sociated with the stderr, after which it closes any network connections. It indicates an error by a leading byte with a April, 1990 1
rexecd(1M) rexecd(1M)value of 1 (it returns 0 in step 7 above if it has success- fully completed all the steps up to command execution). username too long The name is longer than 16 characters. password too long The password is longer than 16 characters. command too long The command line passed exceeds the size of the argument list (as configured into the system). Login incorrect. There is no password file entry for the user name. Password incorrect. You supplied the wrong password. No remote directory. The chdir command to the home directory failed. Try again. A fork by the server failed. /bin/sh: ... Could not start the user's login shell. FILES /usr/etc/in.rexecd BUGS Indicating Login incorrect instead of Password incorrect is a security breach which allows people to probe a system for users with null passwords. There should be a facility allowing all data exchanges to be encrypted. 2 April, 1990