REXECD(8) | System Manager's Manual | REXECD(8) |
rexecd
— remote
execution server
rexecd |
rexecd
is the server for the
rexec(3) routine. The server
provides remote execution facilities with authentication based on user names
and passwords.
rexecd
listens for service requests at the
port indicated in the ``exec'' service specification; see
services(5). When a service
request is received the following protocol is initiated:
\0
’) byte. The resultant string is
interpreted as an ASCII number, base 10.rexecd
then validates the user as is done at login
time and, if the authentication was successful, changes to the user's home
directory, and establishes the user and group protections of the user. If
any of these steps fail the connection is aborted with a diagnostic
message returned.rexecd
.Except for the last one listed below, all diagnostic messages are returned on the initial socket, after which any network connections are closed. An error is indicated by a leading byte with a value of 1 (0 is returned in step 7 above upon successful completion of all the steps prior to the command execution).
The rexecd
command appeared in
4.2BSD.
Indicating ``Login incorrect'' as opposed to ``Password incorrect'' is a security breach which allows people to probe a system for users with null passwords.
A facility to allow all data and password exchanges to be encrypted should be present.
As the passwords exchanged by the client and
rexecd
are not encrypted, it is
strongly
recommended that this service is not enabled.
June 1, 1994 | NetBSD 10.99 |