rexecd(1m) [hpux man page]

rexecd(1M)																rexecd(1M)

NAME
rexecd - remote execution server

SYNOPSIS

DESCRIPTION
is the server for the routine, and the routine in case of IPv6 systems; it expects to be started by the internet daemon (see inetd(1M)). provides remote execution facilities with authentication based on user account names and unencrypted passwords.

calls when a service request is received at the port indicated for the "exec" service specification in see services(4). To run the following line should be present in

The above configuration line will start in mode. To run in mode, the following line must be present in the file:

That is, for IPv6 applications, the protocol has to be changed to See inetd.conf(4) for more information.

Options

recognizes the following options.

With this option enabled, returns immediately after its child process gets killed; it does not wait for all its sub child processes to die. This in turn makes not wait even when the sub child processes are running remotely. As a result, will not appear hung. It is recommended that users do not use the option if they want to wait until the completion of all the sub child processes. Otherwise, the user may get an unexpected result. This option is applicable only to with a secondary socket connection. Note that even with the option enabled will exit if command standard error is closed.

Disable transport-level keep-alive messages. By default, the messages are enabled. The keep-alive messages allow sessions to time out if the client crashes or becomes unreachable.

This option is used in multi-homed NIS systems. It disables from doing a reverse lookup of the client's IP address; see gethostbyname(3N) for more information. It can be used to circumvent an NIS limitation with multi-homed hosts.

Disallow logging in as a superuser.

When a service request is received, the following protocol is initiated:

1. The server reads characters from the socket up to a null byte. The resultant string is interpreted as an ASCII number, base 10.

2. If the number received in step 1 is non-zero, it is interpreted as the port number of a secondary stream to be used for the A second connection is then created to the specified port on the client's host. If the first character sent is a null no secondary connection is made and the of the command is sent to the primary stream. If the secondary connection has been made, interprets bytes it receives on that socket as signal numbers and passes them to the command as signals (see signal(2)).

3. A null-terminated user name of not more than 256 characters is retrieved on the initial socket.

4. A null-terminated, unencrypted password of not more than 16 characters is retrieved on the initial socket.

5. A null-terminated command to be passed to a shell is retrieved on the initial socket. The length of the command is limited by the upper bound on the size of the system's argument list.

6. then validates the user, as is done by using PAM modules for authentication. See login(1) for more information. If the authentication succeeds, changes to the user's home directory and establishes the user and group protections of the user. If any of these steps fail, returns a diagnostic message through the connection, then closes the connection.

   NOTE: The option cannot be specified in the file for

7. A null byte is returned on the connection associated with and the command line is passed to the normal login shell of the user with that shell's option. The shell inherits the network connections established by

uses the following path when executing the specified command:

Transport-level keepalive messages are enabled unless the option is present. The use of keepalive messages allows sessions to be timed out if the client crashes or becomes unreachable.

SECURITY FEATURES
For detailed information on all the configuration parameters that affect see security(4). supports the following configuration parameters in the file:

o
o

DIAGNOSTICS
All diagnostic messages are returned on the connection associated with the after which any network connections are closed. An error is indicated by a leading byte with a value of 1 (0 is returned in step 7 above upon successful completion of all the steps prior to the command execution).

The user name is longer than 256 characters.

The password is longer than 16 characters.

The command line passed exceeds the size of the argument list (as configured into the system).

No password file entry for the user name existed or the wrong password was supplied.

The command to the home directory failed.

The server was unable to fork a process to handle the incoming connection. Wait a period of time and try again. If the message persists, then the server's host may have a runaway process that is using all the entries in the process table.

The user's login shell could not be started via for the given reason.

WARNINGS
The password is sent unencrypted through the socket connection.

AUTHOR
was developed by the University of California, Berkeley.

SEE ALSO
login(1), remsh(1), inetd(1M), signal(2), gethostbyname(3N), rexec(3N), rexec_af(3N), inetd.conf(4), inetd.sec(4), security(4), services(4).
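
The handshake in steps 1 through 5 and the reply byte described under DIAGNOSTICS, as an added example that is not part of the original man page: a Python parser that can be run over a captured exec-service stream to confirm that a user name, password and command crossed the network unencrypted. The function names, the `HandshakeError` class and the sample bytes are constructed for illustration.

```python
MAX_USER = 256      # step 3 limit, from the man page
MAX_PASSWORD = 16   # step 4 limit, from the man page

# Constructed sample of the bytes a client sends (not a real capture).
SAMPLE_REQUEST = b"1022\x00alice\x00example-pw\x00uname -a\x00"


class HandshakeError(ValueError):
    """Raised when a stream does not follow the documented handshake."""


def parse_request(stream: bytes) -> dict:
    """Parse steps 1-5: port, user name, password, command (null-terminated)."""
    fields = []
    for _ in range(4):
        field, sep, stream = stream.partition(b"\x00")
        if not sep:
            raise HandshakeError("truncated: missing null terminator")
        fields.append(field)
    port, user, password, command = fields
    # Step 1: ASCII base-10 number; an empty field means no secondary stream.
    if port and not port.isdigit():
        raise HandshakeError("port field is not a decimal number")
    if len(user) > MAX_USER:
        raise HandshakeError("user name longer than 256 characters")
    if len(password) > MAX_PASSWORD:
        raise HandshakeError("password longer than 16 characters")
    return {
        "stderr_port": int(port) if port else 0,
        "user": user.decode("ascii", "replace"),
        "command": command.decode("ascii", "replace"),
        # Record exposure without copying the secret into logs or alerts.
        "password_bytes_in_cleartext": len(password),
    }


def parse_reply(stream: bytes) -> tuple:
    """Server reply: leading 0 means success (step 7), 1 means a diagnostic follows."""
    if stream[:1] == b"\x00":
        return True, ""
    if stream[:1] == b"\x01":
        return False, stream[1:].decode("ascii", "replace").strip()
    raise HandshakeError("reply does not start with 0 or 1")


if __name__ == "__main__":
    print(parse_request(SAMPLE_REQUEST))
    print(parse_reply(b"\x01constructed diagnostic text\n"))
```

Every field the parser recovers is readable by anyone on the network path, which is the exposure the WARNINGS section states.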