Specifications

Page 24 Remote Procedure Call Programming Guide
call the service primitive svcerr_systemerr() instead.
The last point underscores the relation between the RPC authentication package and the services; RPC
deals only with authentication and not with individual services’ access control. The services themselves
must implement their own access control policies and reflect these policies as return statuses in their
protocols.
4.5. DES Authentication
UNIX authentication is quite easy to defeat. Instead of using authunix_create_default(), a client can call
authunix_create() and then modify the RPC authentication handle it returns by filling in whatever user ID
and hostname it wishes the server to think it has. DES authentication is thus recommended for people
who want more security than UNIX authentication offers.
The details of the DES authentication protocol are complicated and are not explained here. See Remote
Procedure Calls: Protocol Specification for the details.
In order for DES authentication to work, the keyserv(8c) daemon must be running on both the server
and client machines. The users on these machines need public keys assigned by the network
administrator in the publickey(5) database. They also need to have decrypted their secret keys using their
login password. This happens automatically when one logs in using login(1), or can be done manually using
keylogin(1). The Network Services chapter explains more about how to set up secure networking.
Client Side
If a client wishes to use DES authentication, it must set its authentication handle appropriately. Here is an
example:
    cl->cl_auth =
        authdes_create(servername, 60, &server_addr, NULL);
The first argument is the network name or “netname” of the owner of the server process. Typically, server
processes are root processes and their netname can be derived using the following call:
    char servername[MAXNETNAMELEN];
    host2netname(servername, rhostname, NULL);
Here, rhostname is the hostname of the machine the server process is running on. host2netname() fills in
servername to contain this root process’s netname. If the server process was run by a regular user, one
could use the call user2netname() instead. Here is an example for a server process with the same user ID as
the client:
    char servername[MAXNETNAMELEN];
    user2netname(servername, getuid(), NULL);
The last argument to both of these calls, user2netname() and host2netname(), is the name of the naming
domain where the server is located. The NULL used here means “use the local domain name.”
The second argument to authdes_create() is a lifetime for the credential. Here it is set to sixty seconds,
which means that the credential will expire 60 seconds from now. If some mischievous user tries to
reuse the credential, the server RPC subsystem will recognize that it has expired and not grant any requests.
If the same mischievous user tries to reuse the credential within the sixty-second lifetime, he will still be
rejected because the server RPC subsystem remembers which credentials it has already seen in the near
past, and will not grant requests to duplicates.
The third argument to authdes_create() is the address of the host to synchronize with. In order for DES
authentication to work, the server and client must agree upon the time. Here we pass the address of the
server itself, so the client and server will both be using the same time: the server’s time. The argument can
be NULL, which means “don’t bother synchronizing.” You should only do this if you are sure the client and
server are already synchronized.
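
The lifetime and time-synchronization paragraphs above, as an added example that is not from the guide or the Sun RPC sources: a simplified C model of a server that rejects expired credentials and duplicates seen within the lifetime. The struct and function names, the fixed-size cache and the sample netnames are assumptions made for illustration.

```c
/* Simplified model of the server-side checks; not the Sun RPC sources.
 * All names are hypothetical; times are seconds on the server's clock. */
#include <stdio.h>
#include <string.h>
#define MAX_SEEN 64
enum verdict { CRED_OK, CRED_EXPIRED, CRED_REPLAYED, CRED_CACHE_FULL };
struct cred { char netname[64]; long issued; long lifetime; };
struct replay_cache { struct cred seen[MAX_SEEN]; int count; };

/* Forget credentials that have expired: the expiry check rejects them
 * from now on, so the cache only has to cover one lifetime. */
static void cache_prune(struct replay_cache *rc, long now)
{
    int i, kept = 0;
    for (i = 0; i < rc->count; i++)
        if (now <= rc->seen[i].issued + rc->seen[i].lifetime)
            rc->seen[kept++] = rc->seen[i];
    rc->count = kept;
}

enum verdict cred_check(struct replay_cache *rc, const struct cred *c, long now)
{
    int i;
    if (now > c->issued + c->lifetime)
        return CRED_EXPIRED;              /* lifetime is over */
    cache_prune(rc, now);
    for (i = 0; i < rc->count; i++)
        if (rc->seen[i].issued == c->issued &&
            strcmp(rc->seen[i].netname, c->netname) == 0)
            return CRED_REPLAYED;         /* duplicate inside the lifetime */
    if (rc->count == MAX_SEEN)
        return CRED_CACHE_FULL;           /* fail closed, never skip the check */
    rc->seen[rc->count++] = *c;
    return CRED_OK;
}

int main(void)
{
    static struct replay_cache rc;        /* zero-initialised, empty */
    /* Constructed samples: a synchronized client, and one whose clock
     * runs 120 s behind the server and did not synchronize. */
    struct cred good = { "unix.1001@example.com", 1000, 60 };
    struct cred slow = { "unix.1002@example.com", 1000 - 120, 60 };
    printf("first use:     %d\n", cred_check(&rc, &good, 1005));
    printf("replay at +20: %d\n", cred_check(&rc, &good, 1020));
    printf("replay at +61: %d\n", cred_check(&rc, &good, 1061));
    printf("skewed client: %d\n", cred_check(&rc, &slow, 1000));
    return 0;
}
```

The last call shows why the third argument to authdes_create() matters: a client whose clock is 120 seconds behind the server presents a credential that the server already considers expired.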