rexecd(1M)
NAME
rexecd - remote execution server
SYNOPSIS
DESCRIPTION
rexecd is the server for the rexec(3N) routine, and the rexec_af(3N)
routine in case of IPv6 systems; it expects to be started by the
internet daemon (see inetd(1M)). rexecd provides remote execution
facilities with authentication based on user account names and
unencrypted passwords.
calls when a service request is received at the port indicated for the
``exec'' service specification in see services(4). To run the follow‐
ing line should be present in
The above configuration line will start in mode. To run in mode, the
following line must be present in the file:
That is, for IPv6 applications, the protocol has to be changed to See
inetd.conf(4) for more information.
Options
rexecd recognizes the following options.

With this option enabled, rexecd returns immediately after its child
process gets killed; it does not wait for all its sub child processes
to die. This in turn makes not wait even when the sub child processes
are running remotely. As a result, will not appear hung. It is
recommended that users do not use the option if they want to wait
until the completion of all the sub child processes. Otherwise, the
user may get an unexpected result.
This option is applicable only to with a secondary socket connection.
Note that even with the option enabled will exit if command standard
error is closed.

Disable transport-level keep-alive messages. By default, the messages
are enabled. The keep-alive messages allow sessions to time out if the
client crashes or becomes unreachable.

This option is used in multi-homed NIS systems. It disables rexecd
from doing a reverse lookup of the client's IP address; see
gethostbyname(3N) for more information. It can be used to circumvent
an NIS limitation with multi-homed hosts.

Disallow logging in as a superuser.

When a service request is received, the following protocol is initiated:
1. The server reads characters from the socket up to a null byte. The
   resultant string is interpreted as an ASCII number, base 10.
2. If the number received in step 1 is non-zero, it is interpreted as
   the port number of a secondary stream to be used for the standard
   error. A second connection is then created to the specified port on
   the client's host. If the first character sent is a null, no
   secondary connection is made and the standard error of the command
   is sent to the primary stream. If the secondary connection has been
   made, rexecd interprets bytes it receives on that socket as signal
   numbers and passes them to the command as signals (see signal(2)).
3. A null-terminated user name of not more than 256 characters is
   retrieved on the initial socket.
4. A null-terminated, unencrypted password of not more than 16
   characters is retrieved on the initial socket.
5. A null-terminated command to be passed to a shell is retrieved on
   the initial socket. The length of the command is limited by the
   upper bound on the size of the system's argument list.
6. rexecd then validates the user, as is done by using PAM modules for
   authentication. See login(1) for more information. If the
   authentication succeeds, rexecd changes to the user's home directory
   and establishes the user and group protections of the user. If any
   of these steps fail, rexecd returns a diagnostic message through the
   connection, then closes the connection.
   NOTE: The option cannot be specified in the file for
7. A null byte is returned on the connection associated with and the
   command line is passed to the normal login shell of the user with
   that shell's option. The shell inherits the network connections
   established by rexecd.
rexecd uses the following path when executing the specified command:
Transport-level keepalive messages are enabled unless the option is
present. The use of keepalive messages allows sessions to be timed out
if the client crashes or becomes unreachable.
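
A parser for the client preamble in steps 1 to 5 above, of the kind a defender can run over captured traffic on the exec port to see what the unencrypted exchange exposes. This is an added example, not part of the original manual page; the function names, the finding texts, the 65535 port bound, the use of "root" as the superuser name and the sample bytes are assumptions made for illustration.

```python
MAX_USER, MAX_PASSWORD = 256, 16   # limits stated in steps 3 and 4


class RexecParseError(ValueError):
    """The captured bytes do not follow the preamble described above."""


def _field(buf, pos, name, limit=None):
    """Return (bytes, next_pos) for one null-terminated field starting at pos."""
    end = buf.find(b"\x00", pos)
    if end == -1:
        raise RexecParseError(f"{name}: no null terminator")
    if limit is not None and end - pos > limit:
        raise RexecParseError(f"{name}: longer than {limit} characters")
    return buf[pos:end], end + 1


def parse_preamble(buf):
    """Decode steps 1-5: stderr port, user name, password, command."""
    port_raw, pos = _field(buf, 0, "port")
    if port_raw and not port_raw.isdigit():
        raise RexecParseError("port: not an ASCII base-10 number")
    port = int(port_raw) if port_raw else 0   # empty or 0: no secondary stream
    if port > 65535:                          # assumed bound: TCP port range
        raise RexecParseError("port: out of range")
    user, pos = _field(buf, pos, "user", MAX_USER)
    password, pos = _field(buf, pos, "password", MAX_PASSWORD)
    command, pos = _field(buf, pos, "command")
    return {"stderr_port": port or None,
            "user": user.decode("ascii", "replace"),
            "password_len": len(password),    # keep the length, not the secret
            "command": command.decode("ascii", "replace")}


def findings(req):
    """Turn a parsed preamble into alert strings for a reviewer."""
    out = [f"unencrypted password ({req['password_len']} bytes) for user {req['user']!r}"]
    if req["user"] == "root":                 # assumed superuser account name
        out.append("superuser login requested")
    if req["stderr_port"]:
        out.append(f"server will connect back to client port {req['stderr_port']}")
    return out


# Constructed sample capture, not taken from a real session.
SAMPLE = b"1023\x00alice\x00s3cret\x00uname -a\x00"

if __name__ == "__main__":
    for line in findings(parse_preamble(SAMPLE)):
        print(line)
```
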
SECURITY FEATURES
For detailed information on all the configuration parameters that
affect rexecd, see security(4). rexecd supports the following
configuration parameters in the file:
·
·
DIAGNOSTICS
All diagnostic messages are returned on the connection associated with
the after which any network connections are closed. An error is
indicated by a leading byte with a value of 1 (0 is returned in step 7
above upon successful completion of all the steps prior to the command
execution).

The user name is longer than 256 characters.

The password is longer than 16 characters.

The command line passed exceeds the size of the argument list (as
configured into the system).

No password file entry for the user name existed or the wrong password
was supplied.

The command to the home directory failed.

The server was unable to fork a process to handle the incoming
connection.
Wait a period of time and try again. If the message persists, then the
server's host may have a runaway process that is using all the entries
in the process table.

The user's login shell could not be started via for the given reason.

WARNINGS
The password is sent unencrypted through the socket connection.
AUTHOR
rexecd was developed by the University of California, Berkeley.
SEE ALSO
login(1), remsh(1), inetd(1M), signal(2), gethostbyname(3N), rexec(3N),
rexec_af(3N), inetd.conf(4), inetd.sec(4), security(4), services(4).