The authentication scheme is based on reserved port numbers, defined to be port numbers less than 1024. On BSD UNIX systems (and other systems, such as SVR4, that support the concept), only a superuser can obtain a reserved port. On the server side, when a client connects, the server checks to see that the client is using a reserved port between 513 and 1024; port numbers less than or equal to 512 are not permitted. If the port number used by the client is greater than 1024, it is not a reserved port, and the server will not allow it. Note that the whole concept of reserved ports is specific to UNIX; it is not an Internet standard. This means that the authentication provided by this mechanism is dubious at best (for example, a personal computer running MS-DOS can create any port it wants, since there is no concept of a superuser).
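The server-side check described above, sketched in C as an added example (not code from the original text). The names `peer_port_is_reserved`, `check_connected_peer` and `sample_peer` are hypothetical, the bounds follow the text with port 1024 itself treated as non-reserved (an assumption), and the sample peers are constructed. The check sees only the port number the remote host presents, which is why it gives no assurance about hosts that do not enforce the superuser rule.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Bounds from the text: reserved means < 1024; ports <= 512 are refused. */
#define RESERVED_LIMIT 1024   /* assumption: 1024 itself is not reserved */
#define LOWEST_ALLOWED 513

/* Return 1 if the peer's source port passes the reserved-port check. */
int peer_port_is_reserved(const struct sockaddr_in *peer)
{
    unsigned port;
    if (peer == NULL || peer->sin_family != AF_INET)
        return 0;
    port = ntohs(peer->sin_port);   /* sin_port is in network byte order */
    return port >= LOWEST_ALLOWED && port < RESERVED_LIMIT;
}

/* For an accepted socket: 1 = accept, 0 = reject, -1 = peer unknown. */
int check_connected_peer(int fd)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof(peer);
    if (getpeername(fd, (struct sockaddr *)&peer, &len) < 0)
        return -1;
    return peer_port_is_reserved(&peer);
}

/* Build a constructed sample peer address (not captured traffic). */
static struct sockaddr_in sample_peer(unsigned short port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    return sa;
}

int main(void)
{
    unsigned short ports[] = { 512, 513, 1023, 1024, 40000 };
    for (size_t i = 0; i < sizeof(ports) / sizeof(ports[0]); i++) {
        struct sockaddr_in sa = sample_peer(ports[i]);
        printf("port %d -> %s\n", ports[i], peer_port_is_reserved(&sa) ? "accept" : "reject");
    }
    return 0;
}
```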