HP DCE/9000 Version 1.7 Application Development Tools for HP-UX 11.0 Release Note

Developing DCE Applications with HP DCE/9000
Notes on Programming with HP DCE
For example:
ncacn_ip_tcp[5000-5110,5500-5521]:ncadg_ip_udp[6500-7000]
To use RPC_RESTRICTED_PORTS for DCE itself, set the environment
variable before starting your cell. The environment variable must be set
whenever you restart DCE.
Note that this facility does not add any security to RPC and is not
intended as a security feature. It merely facilitates configuring a network
“firewall” to allow incoming calls to DCE servers.
RPC Authentication
The OSF DCE Application Development Guide and the OSF DCE
Application Development Reference may be misleading about what
happens when an unauthenticated client calls a server that has specified
authentication. In such a case, the RPC runtime will not perform any
authentication, and the call will either reach the server manager code, or
be rejected by the runtime, depending on the following conditions:
• If the client specified no authentication, then none is attempted by
  the RPC runtime. The call reaches the manager code whether the
  server specified authentication or not. This permits both
  authenticated and unauthenticated clients to call authenticated
  servers. When the manager receives an unauthenticated call, it must
  make a decision about how to proceed.
• If the client specified DCE secret key authentication and the server
  specified no authentication, then the runtime will reject the call, and
  it will never reach the manager routine.
• If both client and server specified DCE secret key authentication,
  then authentication will be carried out by the RPC runtime
  transparently. Whether the call reaches the server manager code or is
  rejected by the runtime will depend on whether the authentication
  succeeds.
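Because of the first condition, the manager has to refuse unauthenticated callers itself. The following is an added example, not code from HP or OSF, of a fail-closed manager access check built around rpc_binding_inq_auth_client(). It goes beyond the rpc_s_binding_has_no_auth test by also checking the authentication service and an assumed minimum protection level. The DCE types, constant values, mock binding, runtime stub and the name mgr_access_ok are constructed stand-ins so that it compiles without the DCE headers.

```c
#include <stdio.h>

/* Constructed stand-ins for <dce/rpc.h> so the example compiles without DCE.
   Names follow the DCE API; the values and the binding struct are placeholders. */
typedef unsigned int unsigned32;
typedef void *rpc_authz_handle_t;
typedef unsigned char *unsigned_char_p_t;
struct mock_binding { int has_auth; unsigned32 authn, level; };
typedef struct mock_binding *rpc_binding_handle_t;
enum { rpc_s_ok, rpc_s_binding_has_no_auth };
enum { rpc_c_authn_none, rpc_c_authn_dce_secret };
enum { rpc_c_protect_level_connect = 2, rpc_c_protect_level_pkt_integ = 5 };

/* Stand-in for the runtime call: reports what the client put on its binding. */
static void rpc_binding_inq_auth_client(rpc_binding_handle_t b,
    rpc_authz_handle_t *privs, unsigned_char_p_t *server_princ_name,
    unsigned32 *protect_level, unsigned32 *authn_svc, unsigned32 *authz_svc,
    unsigned32 *status)
{
    *privs = NULL; *server_princ_name = NULL; *authz_svc = 0;
    *authn_svc = b->authn; *protect_level = b->level;
    *status = b->has_auth ? rpc_s_ok : rpc_s_binding_has_no_auth;
}

/* Hypothetical manager access check: 1 = serve the call, 0 = refuse it. */
int mgr_access_ok(rpc_binding_handle_t h)
{
    rpc_authz_handle_t privs; unsigned_char_p_t princ;
    unsigned32 level, authn, authz, st;

    rpc_binding_inq_auth_client(h, &privs, &princ, &level, &authn, &authz, &st);
    if (st == rpc_s_binding_has_no_auth) return 0; /* unauthenticated call got through */
    if (st != rpc_s_ok) return 0;                  /* any other error: fail closed */
    if (authn != rpc_c_authn_dce_secret) return 0; /* not DCE secret key */
    if (level < rpc_c_protect_level_pkt_integ) return 0; /* assumed policy floor */
    return 1;
}

/* Constructed sample callers. */
struct mock_binding unauth_client = { 0, rpc_c_authn_none, 0 };
struct mock_binding weak_client = { 1, rpc_c_authn_dce_secret, rpc_c_protect_level_connect };
struct mock_binding good_client = { 1, rpc_c_authn_dce_secret, rpc_c_protect_level_pkt_integ };

int main(void)
{
    printf("unauth=%d weak=%d good=%d\n", mgr_access_ok(&unauth_client),
           mgr_access_ok(&weak_client), mgr_access_ok(&good_client));
    return 0;
}
```

In a real server the stand-in declarations are replaced by the DCE headers, and the handle passed in is the binding handle the manager routine receives.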
Although the RPC runtime is responsible for any authentication that
is carried out, the fact that the runtime will always permit
unauthenticated clients to reach the manager code means that a
manager access function typically does need to make an
authentication check. When the manager access routine calls
rpc_binding_inq_auth_client(), it should check for a return status
of rpc_s_binding_has_no_auth. When such a status is returned, it
means that the client has specified no authentication, and the