secure_rpc.3n (2010 09)
secure_rpc(3N) secure_rpc(3N)
The authdes_getucred() and authdes_seccreate() routines implement the AUTH_DES authentication flavor. The keyserver daemon keyserv (see keyserv(1M)) must be running for the AUTH_DES authentication system to work, and keylogin(1) must have been run. Only the AUTH_DES style of authentication is discussed here. For information about the AUTH_NONE and AUTH_SYS styles of authentication, refer to rpc_clnt_auth(3N).
The routines documented on this page are Thread Safe. For the other authentication styles, see the MULTITHREAD USAGE section of the routines’ respective manual pages.
The HP-UX implementation of RPC only supports the X/Open Transport Interface (XTI). Applications that are written using the Transport Layer Interface (TLI) and wish to use RPC must convert their application to XTI.
Routines
See rpc(3N) for the definition of the AUTH data structure.
int authdes_getucred()
This is the first of two functions that interface to the RPC secure authentication system AUTH_DES. The second is the authdes_seccreate() function. The authdes_getucred() function is used on the server side to convert an AUTH_DES credential, which is operating system independent, to an AUTH_SYS credential. The authdes_getucred() function returns 1 if it succeeds, 0 if it fails.
The *uidp parameter is set to the user’s numerical ID associated with adc. The *gidp parameter is set to the numerical ID of the user’s group. The *gidlist parameter contains the numerical IDs of the other groups to which the user belongs. The *gidlenp is set to the number of valid group ID entries specified by the *gidlist parameter.
The authdes_getucred() function fails if the authdes_cred structure was created with the netname of a host. In such a case, netname2host() should be used to get the host name from the host netname in the authdes_cred structure.
AUTH *authdes_seccreate()
The second of two AUTH_DES authentication functions, the authdes_seccreate() function is used on the client side to return an authentication handle that will enable the use of the secure authentication system. The first parameter, name, specifies the network name netname of the owner of the server process. This field usually represents a hostname derived from the host2netname() utility, but could also represent a user name converted with the user2netname() utility.
The second parameter, window, specifies the validity of the client credential in seconds. If the difference in time between the client’s clock and the server’s clock exceeds window, the server rejects the client’s credentials and the clock will have to be resynchronized. A small window is more secure than a large one, but choosing too small a window increases the frequency of resynchronization due to clock drift.
The third parameter, timehost, is the host’s name and is optional. If timehost is NULL, the authentication system assumes that the local clock is always in sync with the timehost clock, and does not attempt resynchronization. If a timehost is supplied, the system consults the remote time service whenever resynchronization is required. The timehost parameter is usually the name of the host on which the server is running.
The final parameter, ckey, is also optional. If ckey is NULL, the authentication system will generate a random DES key to be used for the encryption of credentials. If ckey is supplied, it is used for encryption.
If authdes_seccreate() fails, it returns NULL.
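
The trade-off between the window and timehost parameters described above can be seen in a small model. This is an added example, not HP-UX library code; the struct, the function names, the host name server1, the one-minute call interval and the 7-second drift are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, NOT HP-UX library code; all names are hypothetical. */
struct des_client {
    long window;          /* credential validity in seconds */
    const char *timehost; /* NULL: never resynchronize */
    long offset;          /* client clock minus server clock, seconds */
    int resyncs;          /* times the remote time service was consulted */
};

/* Server check: reject when the clock difference exceeds window. */
static int server_accepts(long client_time, long server_time, long window)
{
    return labs(client_time - server_time) <= window;
}

/* One authenticated call. Returns 1 if accepted, 0 if rejected. */
int des_call(struct des_client *c, long server_time)
{
    if (server_accepts(server_time + c->offset, server_time, c->window))
        return 1;
    if (c->timehost == NULL)
        return 0;          /* no time service: the call stays rejected */
    c->offset = 0;         /* resynchronize against timehost, then retry */
    c->resyncs++;
    return server_accepts(server_time + c->offset, server_time, c->window);
}

/* Issue `calls` requests, one per minute, while the client clock gains
 * `drift` seconds between requests. Returns the number of rejected calls. */
int simulate(struct des_client *c, int calls, long drift)
{
    int rejected = 0;
    long server_time = 1000000;   /* constructed start time */
    for (int i = 0; i < calls; i++, server_time += 60) {
        c->offset += drift;
        rejected += !des_call(c, server_time);
    }
    return rejected;
}

int main(void)
{
    struct des_client c[] = { { 60, "server1", 0, 0 },   /* constructed */
                              { 300, "server1", 0, 0 }, { 60, NULL, 0, 0 } };
    for (int i = 0; i < 3; i++) {
        int rejected = simulate(&c[i], 100, 7);
        printf("window=%ld timehost=%s rejected=%d resyncs=%d\n", c[i].window,
               c[i].timehost ? c[i].timehost : "NULL", rejected, c[i].resyncs);
    }
}
```

With these constructed inputs, the 60-second window resynchronizes 11 times and the 300-second window twice, and no call is rejected in either case. With timehost set to NULL and the same drift, 92 of the 100 calls are rejected.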
int getnetname()
This function returns the unique, operating system independent netname of the caller in the fixed-length array name. The function returns 1 if it succeeds and 0 if it fails.
int host2netname()
This function converts a domain-specific hostname host to an operating system independent netname. The function returns 1 if it succeeds and 0 if it fails. The host2netname() function is the inverse of the netname2host() function. If the domain is NULL, host2netname() uses the default domain name of the machine. If host is NULL, it defaults to that machine itself. If domain is NULL and host is an NIS name such as myhost.hp.example.com, the host2netname()
Hewlett-Packard Company, HP-UX 11i Version 3: September 2010