Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
REXECD(8)		  BSD System Manager's Manual		     REXECD(8)

     rexecd -- remote execution	server

     rexecd [-i]

     The rexecd	utility	is the server for the rexec(3) routine.	 The server
     provides remote execution facilities with authentication based on user
     names and passwords.

     The rexecd	utility	listens	for service requests at	the port indicated in
     the ``exec'' service specification; see services(5).  When	a service re-
     quest is received the following protocol is initiated:

     1.	  The server reads characters from the socket up to a NUL (`\0') byte.
	  The resultant	string is interpreted as an ASCII number, base 10.

     2.	  If the number	received in step 1 is non-zero,	it is interpreted as
	  the port number of a secondary stream	to be used for the stderr.  A
	  second connection is then created to the specified port on the
	  client's machine.

     3.	  A NUL	terminated user	name of	at most	16 characters is retrieved on
	  the initial socket.

     4.	  A NUL	terminated, unencrypted	password of at most 16 characters is
	  retrieved on the initial socket.

     5.	  A NUL	terminated command to be passed	to a shell is retrieved	on the
	  initial socket.  The length of the command is	limited	by the upper
	  bound	on the size of the system's argument list.

     6.	  The rexecd utility then validates the	user as	is done	at login time
	  and, if the authentication was successful, changes to	the user's
	  home directory, and establishes the user and group protections of
	  the user.  If	any of these steps fail	the connection is aborted with
	  a diagnostic message returned.

     7.	  A NUL	byte is	returned on the	initial	socket and the command line is
	  passed to the	normal login shell of the user.	 The shell inherits
	  the network connections established by rexecd.

     The rexecd	utility	will not allow root logins unless the -i option	is
     given on the command line (typically in /etc/inetd.conf).	It will	also
     disallow access for users listed in /etc/ftpusers,	or users with no pass-
     words, which were all serious security holes.  The	entire concept of
     rexec/rexecd is a major security hole and an example of how not to	do
     things.  The rexecd utility is disabled by	default	in /etc/inetd.conf.

     Except for	the last one listed below, all diagnostic messages are re-
     turned on the initial socket, after which any network connections are
     closed.  An error is indicated by a leading byte with a value of 1	(0 is
     returned in step 7	above upon successful completion of all	the steps
     prior to the command execution).

     username too long
	     The name is longer	than 16	characters.

     password too long
	     The password is longer than 16 characters.

     command too long
	     The command line passed exceeds the size of the argument list (as
	     configured	into the system).

     Login incorrect.
	     No	password file entry for	the user name existed.

     Password incorrect.
	     The wrong password	was supplied.

     No	remote directory.
	     The chdir(1) command to the home directory	failed.

     Try again.
	     A fork(2) by the server failed.

     <shellname>: ...
	     The user's	login shell could not be started.  This	message	is re-
	     turned on the connection associated with the stderr, and is not
	     preceded by a flag	byte.


     A facility	to allow all data and password exchanges to be encrypted
     should be present.

     The rexecd	utility	appeared in 4.2BSD.

BSD			      September	23, 1994			   BSD


Want to link to this manual page? Use this URL:

home | help