REXECD(1M)                                                          REXECD(1M)

NAME
     rexecd - remote execution server

SYNOPSIS
     /usr/etc/rexecd [ -l ]

DESCRIPTION
     Rexecd is the server for the rexec(3N) routine. The server provides
     remote execution facilities with authentication based on user names and
     passwords. NOTE: password aging is not supported by this daemon.

     Rexecd listens for service requests at the port indicated in the ``exec''
     service specification; see services(4). When a service request is
     received the following protocol is initiated:

     1)  The server reads characters from the socket up to a null (`\0')
         byte. The resultant string is interpreted as an ASCII number, base
         10.

     2)  If the number received in step 1 is non-zero, it is interpreted as
         the port number of a secondary stream to be used for the stderr. A
         second connection is then created to the specified port on the
         client's machine.

     3)  A null-terminated user name of at most 16 characters is retrieved on
         the initial socket.

     4)  A null-terminated, unencrypted password of at most 16 characters is
         retrieved on the initial socket.

     5)  A null-terminated command to be passed to a shell is retrieved on
         the initial socket. The length of the command is limited by the
         upper bound on the size of the system's argument list.

     6)  Rexecd then validates the user as is done at login time and, if the
         authentication was successful, changes to the user's home directory,
         and establishes the user and group protections of the user. If any
         of these steps fail the connection is aborted with a diagnostic
         message returned.

     7)  A null byte is returned on the initial socket and the command line
         is passed to the normal login shell of the user. The shell inherits
         the network connections established by rexecd.
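
     The request framing in steps 1 to 5, as an added example that is not
     part of the original manual page or the rexecd source: a parser for a
     captured client stream that applies the 16-character limits and shows
     that the password is recoverable in cleartext. The names parse_request,
     redact and RexecError, the port range check and the sample bytes are
     assumptions made for illustration.

```python
# Added example, not rexecd source: split a captured client request into the
# fields rexecd reads in steps 1-5. The sample bytes are constructed.
MAX_NAME = 16  # limit on user name and password (steps 3 and 4)


class RexecError(Exception):
    """Raised with a diagnostic text when the request is malformed."""


def _field(buf, pos, what):
    """Return (bytes up to the next null, index just past that null)."""
    end = buf.find(b"\0", pos)
    if end < 0:
        raise RexecError(f"{what}: missing null terminator")
    return buf[pos:end], end + 1


def parse_request(buf):
    """Parse port, user name, password and command from one client stream."""
    port_s, pos = _field(buf, 0, "stderr port")
    if port_s and not port_s.isdigit():
        raise RexecError("stderr port is not an ASCII base-10 number")
    port = int(port_s or b"0")  # empty string treated as 0 (assumption)
    if port > 65535:  # added sanity check, not stated on the page
        raise RexecError("stderr port out of range")
    user, pos = _field(buf, pos, "username")
    if len(user) > MAX_NAME:
        raise RexecError("username too long")
    password, pos = _field(buf, pos, "password")
    if len(password) > MAX_NAME:
        raise RexecError("password too long")
    command, pos = _field(buf, pos, "command")
    return {
        "stderr_port": port or None,  # step 2: zero means no second stream
        "user": user.decode("latin-1"),
        "password": password.decode("latin-1"),  # sent unencrypted (step 4)
        "command": command.decode("latin-1"),
        "trailing": buf[pos:],  # left for the shell, which inherits the socket
    }


def redact(req):
    """Copy of a parsed request that is safe to write to a log or alert."""
    return {**req, "password": "*" * len(req["password"])}


SAMPLE = b"1022\0alice\0s3cret\0uname -a\0"  # constructed capture
if __name__ == "__main__":
    print(redact(parse_request(SAMPLE)))
```

     Anything that can observe the connection can run the same parse, which
     is why a monitoring tool should store only the redacted form.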

SHARE II ACTIONS
     If the Share II system is installed and enabled, then the following
     privilege and resource checks are made immediately after validation
     checks are complete (rshd(1)) but before the shell is started:

     1.  If your nologin flag is set, or you already have another connection
         and your onelogin flag is set, then you are denied connection.

     2.  If a disk usage exceeds the soft disk limit in any of your domains,
         then a message is printed and you are given a warning. If you
         accumulate too many warnings, further connection attempts are denied
         and you must see your subadministrator to rectify the situation.
         Whenever you connect with no disk usages in excess of any soft
         limits, all your accumulated warnings are cleared.

     3.  If you do not have permission to use an rexec connection, as
         determined by the terminal permission flag terminal.flag.rexec, then
         you are denied connection.

     4.  Some installations place limits on terminal connect-time, which apply
         equally to connection by way of rexec. If you have already reached
         your connect-time limit, then you are denied connection. Otherwise,
         if you have a limit, your remaining connect-time is printed.

     If all these checks are passed, rexecd proceeds normally.

     For each new instance of a remotely initiated process, rexecd first reads
     the configuration file /etc/default/rexecd. Currently the only switch in
     this file is SVR4_SIGNALS, which indicates if SVR4 signal defaults should
     be used, and defaults to `YES'. This means that processes spawned by
     rexecd will run with the SIGXFSZ and SIGXCPU signals disabled (i.e.
     ignored). For CPU and filesize resource limiting to work correctly, this
     file should be edited and SVR4_SIGNALS set to `NO', so that these signals
     retain their default behaviour, which is to terminate the process.

OPTIONS
     -l   This option causes all successful accesses to be logged to
          syslogd(1M) as auth.info messages.

FILES
     /etc/limconf          The compiled Share II configuration file (machine
                           readable).

     /etc/default/rexecd   Default behaviour configuration file

SEE ALSO
     login(1), rshd(1M), rexec(3N), passwd(4), share(5)

DIAGNOSTICS
     Except for the last one listed below, all diagnostic messages are
     returned on the initial socket, after which any network connections are
     closed. An error is indicated by a leading byte with a value of 1 (0 is
     returned in step 7 above upon successful completion of all the steps
     prior to the command execution).

     ``username too long''
          The name is longer than 16 characters.

     ``password too long''
          The password is longer than 16 characters.

     ``command too long ''
          The command line passed exceeds the size of the argument list (as
          configured into the system).

     ``Login incorrect.''
          No password file entry for the user name existed. (Also logged to
          the syslogd(1M) daemon as an auth.notice message.)

     ``Password incorrect.''
          The wrong password was supplied. (Also logged to the syslogd(1M)
          daemon as an auth.notice message.)

     ``No remote directory.''
          The chdir command to the home directory failed.

     ``Try again.''
          A fork by the server failed.

     ``<shellname>: ...''
          The user's login shell could not be started. This message is
          returned on the connection associated with the stderr, and is not
          preceded by a flag byte.

     The Share II specific diagnostic messages are listed as follows:

     ``Warning <X> of <Y>: soft disk limit exceeded.''
          One of your domains has a disk usage in excess of its soft limit.

     ``Connection denied. Too many warnings.''
          You have reached your warning limit. See your subadministrator.

     ``Connection denied. Already logged in - only one login allowed.''
          You are already connected to the system and your onelogin flag is
          set.

     ``Connection denied. Currently barred from logging in.''
          Your nologin flag is set.

     ``Connection denied. No permission to use this terminal.''
          You are not allowed to log in at this terminal because of a clear
          terminal.flag.rexec flag.

     ``You have a remaining terminal connect-time of <Y>.''
          You may use this connection until you have used up your remaining
          connect-time, at which point you are forced to disconnect.

     ``Connection denied. Terminal connect-time limit exceeded.''
          You have already reached your terminal connect-time limit.

     ``Share not configured - no limit checks.''
          The configuration file is unreadable for some reason, so terminal
          privileges, connect-time limits and disk space limits could not be
          checked.

BUGS
     Indicating ``Login incorrect'' as opposed to ``Password incorrect'' is a
     security breach which allows people to probe a system for users with null
     passwords.
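
     The difference between the two replies, as an added example that is not
     rexecd source: the documented behaviour beside a variant that returns one
     message and does the same hashing work whether or not the account
     exists. The account table, the PBKDF2 stand-in for the system password
     check, and all function names are assumptions made for illustration.

```python
# Added example, not rexecd source: the two failure replies listed under
# DIAGNOSTICS reveal whether an account exists; a uniform reply does not.
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed; real systems use a per-user salt


def _hash(password):
    """Stand-in for the system password check (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password, SALT, 1000)


# Constructed account table standing in for the password file.
USERS = {"alice": _hash(b"s3cret"), "bob": _hash(b"hunter2")}
DUMMY = _hash(b"no-such-account")  # compared against when the user is unknown


def reply_documented(user, password):
    """Replies as the manual lists them: error flag byte 1 plus the message."""
    if user not in USERS:
        return b"\x01Login incorrect."
    if not hmac.compare_digest(USERS[user], _hash(password)):
        return b"\x01Password incorrect."
    return b"\x00"  # step 7: null byte, then the command runs


def reply_uniform(user, password):
    """Same decision, one failure message, same hashing work on every path."""
    stored = USERS.get(user, DUMMY)
    ok = hmac.compare_digest(stored, _hash(password)) and user in USERS
    return b"\x00" if ok else b"\x01Login incorrect."


def distinguishable(reply_fn, known_user, unknown_user):
    """True if a wrong password draws different replies for the two names."""
    bad = b"definitely-wrong"
    return reply_fn(known_user, bad) != reply_fn(unknown_user, bad)
```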

     A facility to allow all data and password exchanges to be encrypted
     should be present.