HP-UX Reference (11i v3 07/02) - 3 Library Functions N-Z (vol 7)
secure_rpc(3N) secure_rpc(3N)
The authdes_getucred() and authdes_seccreate() routines implement the AUTH_DES authentication flavor. The keyserver daemon keyserv (see keyserv(1M)) must be running for the AUTH_DES authentication system to work, and keylogin(1) must have been run. Only the AUTH_DES style of authentication is discussed here. For information about the AUTH_NONE and AUTH_SYS styles of authentication, refer to rpc_clnt_auth(3N).
The routines documented on this page are Thread Safe. For the other authentication styles, see the MULTITHREAD USAGE section of the routines’ respective manual pages.
The HP-UX implementation of RPC only supports the X/Open Transport Interface (XTI). Applications that are written using the Transport Layer Interface (TLI) and need to use RPC must be converted to XTI.
Routines
See rpc(3N) for the definition of the AUTH data structure.
int authdes_getucred()
This is the first of two functions that interface to the RPC secure authentication system AUTH_DES. The second is the authdes_seccreate() function. The authdes_getucred() function is used on the server side to convert an AUTH_DES credential, which is operating system independent, to an AUTH_SYS credential. The authdes_getucred() function returns 1 if it succeeds, 0 if it fails.
The *uidp parameter is set to the user’s numerical ID associated with adc. The *gidp parameter is set to the numerical ID of the user’s group. The *gidlist parameter contains the numerical IDs of the other groups to which the user belongs. The *gidlenp is set to the number of valid group ID entries specified by the *gidlist parameter.
The authdes_getucred() function fails if the authdes_cred structure was created with the netname of a host. In such a case, netname2host() should be used to get the host name from the host netname in the authdes_cred structure.
AUTH *authdes_seccreate()
The second of two AUTH_DES authentication functions, the authdes_seccreate() function is used on the client side to return an authentication handle that will enable the use of the secure authentication system. The first parameter, name, specifies the network name netname of the owner of the server process. This field usually represents a hostname derived from the host2netname() utility, but could also represent a user name converted with the user2netname() utility.
The second parameter, window, specifies the validity of the client credential in seconds. If the difference in time between the client’s clock and the server’s clock exceeds window, the server rejects the client’s credentials and the clock will have to be resynchronized. A small window is more secure than a large one, but choosing too small a window increases the frequency of resynchronization due to clock drift.
The third parameter, timehost, is the host’s name and is optional. If timehost is NULL, the authentication system assumes that the local clock is always in sync with the timehost clock, and does not attempt resynchronization. If a timehost is supplied, the system consults the remote time service whenever resynchronization is required. The timehost parameter is usually the name of the host on which the server is running.
The final parameter, ckey, is also optional. If ckey is NULL, the authentication system will generate a random DES key to be used for the encryption of credentials. If ckey is supplied, it is used for encryption.
If authdes_seccreate() fails, it returns NULL.
int getnetname()
This function returns the unique, operating system independent netname of the caller in the fixed-length array name. The function returns 1 if it succeeds and 0 if it fails.
int host2netname()
This function converts a domain-specific hostname host to an operating system independent netname. The function returns 1 if it succeeds and 0 if it fails. The host2netname() function is the inverse of the netname2host() function. If the domain is NULL, host2netname() uses the default domain name of the machine. If host is NULL, it defaults to that machine itself. If domain is NULL and host is an NIS name such as myhost.hp.example.com, the host2netname() function uses the domain hp.example.com rather than the default domain name of the machine.
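Because authdes_getucred() fails for a credential created with a host netname, a server can classify the netname first and route host principals to netname2host(). The C code below is an added example, not part of the HP-UX manual or its libraries; it assumes the conventional ONC RPC netname layout (unix.<uid>@<domain> for users, unix.<hostname>@<domain> for hosts), which this page does not state, and classify_netname() and may_map_to_local_user() are hypothetical names.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Kind of principal named by an AUTH_DES netname. */
enum principal { P_INVALID = 0, P_USER, P_HOST };

/*
 * Classify a netname taken from an AUTH_DES credential.
 * Assumed layout (ONC RPC convention, not stated on this page):
 *   user: "unix.<decimal uid>@<domain>"   host: "unix.<hostname>@<domain>"
 * A server can use the result to choose authdes_getucred() (P_USER) or
 * netname2host() (P_HOST), and to refuse anything else outright.
 */
enum principal classify_netname(const char *netname)
{
    static const char prefix[] = "unix.";
    const char *id, *at, *p;

    if (netname == NULL || strncmp(netname, prefix, sizeof prefix - 1) != 0)
        return P_INVALID;
    id = netname + sizeof prefix - 1;
    at = strchr(id, '@');
    /* Require a non-empty identifier, a non-empty domain and a single '@'. */
    if (at == NULL || at == id || at[1] == '\0' || strchr(at + 1, '@') != NULL)
        return P_INVALID;
    for (p = id; p < at; p++)
        if (!isdigit((unsigned char)*p))
            break;
    if (p == at)
        return P_USER;          /* identifier is all digits: a uid */
    /* Host identifier: letters, digits, '-' and '.' only (constructed policy). */
    for (p = id; p < at; p++)
        if (!isalnum((unsigned char)*p) && *p != '-' && *p != '.')
            return P_INVALID;
    return P_HOST;
}

/* Hypothetical policy check: may this caller be mapped to local uid/gid? */
int may_map_to_local_user(const char *netname)
{
    /* Only user netnames are handed to authdes_getucred(); a host netname
       would make it return 0, so those go to netname2host() instead. */
    return classify_netname(netname) == P_USER;
}
```

Malformed netnames are rejected before any conversion routine is called, so a failure return from authdes_getucred() is not the only signal separating host principals from bad input.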
380 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: February 2007