.\" @(#)rpc_secure.3n 2.1 88/08/08 4.0 RPCSRC; from 1.19 88/06/24 SMI
.TH RPC 3N "16 February 1988"
.SH NAME
rpc_secure \- library routines for secure remote procedure calls
.SH SYNOPSIS AND DESCRIPTION
These routines are part of the RPC library. They implement DES
for further details about RPC.
authdes_create(name, window, syncaddr, ckey)
struct sockaddr_in *addr;
is the first of two routines which interface to the
secure authentication system, known as
.BR authdes_getucred(\|) ,
below. Note: the keyserver daemon
authentication system to work.
used on the client side, returns an authentication handle that
will enable the use of the secure authentication system.
of the owner of the server process. This field is usually
derived from the utility routine
but could also represent a user name using
The second field is a window on the validity of
the client credential, given in seconds. A small
window is more secure than a large one, but choosing
too small a window will increase the frequency of
resynchronizations because of clock drift. The third
then the authentication system will assume
that the local clock is always in sync with the server's
clock, and will not attempt resynchronizations. If an address
is supplied, however, then the system will use the address
for consulting the remote time service whenever
is required. This parameter is usually the
server itself. The final parameter
is also optional. If it is
then the authentication system will
key to be used for the encryption of credentials.
If it is supplied, however, then it will be used instead.
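The trade-off in choosing the window, as an added example that is not part of the original manual page or of the RPC library: a simplified C model, assuming a credential expires once the server's clock passes the client's timestamp plus the window. The names check_window, seconds_until_resync and acceptance_span and all sample values are hypothetical.

```c
#include <stdio.h>

/* Hypothetical model, not the RPC library's code. Assumption: the server
 * treats a credential as expired once its own clock is later than the
 * client's timestamp plus the window (all values in seconds). */
enum verdict { ACCEPT, EXPIRED };

static enum verdict check_window(long long stamp, long long server_now,
                                 long long window)
{
    return (server_now > stamp + window) ? EXPIRED : ACCEPT;
}

/* Seconds of running time before a clock drifting at drift_ppm
 * (microseconds gained or lost per second) is off by more than the
 * window, i.e. how often a resynchronization becomes necessary.
 * Returns -1 when there is no drift. */
static long long seconds_until_resync(long long window, long long drift_ppm)
{
    if (drift_ppm <= 0)
        return -1;
    return window * 1000000LL / drift_ppm;
}

/* Longest time a credential stays acceptable after it was stamped, seen
 * from a server whose clock is skew seconds ahead of the client's. */
static long long acceptance_span(long long window, long long skew)
{
    long long span = window - skew;
    return span > 0 ? span : 0;
}

int main(void)
{
    /* Constructed sample values: three windows, a 100 ppm drift, and a
     * client clock that is 10 seconds behind the server's. */
    long long windows[] = { 5, 60, 3600 };
    for (int i = 0; i < 3; i++) {
        long long w = windows[i];
        /* Credential stamped at client time 1000, server clock reads 1010. */
        printf("window=%4llds fresh=%-7s usable=%4llds resync every %llds\n",
               w, check_window(1000, 1010, w) == ACCEPT ? "ACCEPT" : "EXPIRED",
               acceptance_span(w, 10), seconds_until_resync(w, 100));
    }
    return 0;
}
```

With these sample values the 5-second window already rejects a fresh credential from the skewed client, while the 3600-second window keeps a credential usable for close to an hour.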
authdes_getucred(adc, uid, gid, grouplen, groups)
struct authdes_cred *adc;
.BR authdes_getucred(\|) ,
is used on the server side for converting a
operating system independent, into a
credential. This routine differs from utility routine
pulls its information from a cache, and does not have to do a
Yellow Pages lookup every time it is called to get its information.
host2netname(name, host, domain)
Convert from a domain-specific hostname to an
operating-system independent netname. Return
key_decryptsession(remotename, deskey)
.B key_decryptsession(\|)
is an interface to the keyserver daemon, which is associated
secure authentication system (\s-1DES\s0
User programs rarely need to call it, or its associated routines
.BR key_encryptsession(\|) ,
library are the main clients of these four routines.
.B key_decryptsession(\|)
takes a server netname and a DES key, and decrypts the key by
using the public key of the server and the secret key
associated with the effective uid of the calling process. It
.BR key_encryptsession(\|) .
key_encryptsession(remotename, deskey)
.B key_encryptsession(\|)
is a keyserver interface routine. It
takes a server netname and a DES key, and encrypts
it using the public key of the server and the secret key
associated with the effective uid of the calling process. It
.BR key_decryptsession(\|) .
is a keyserver interface routine. It
is used to ask the keyserver for a secure conversation key.
Choosing one at \(lqrandom\(rq is usually not good enough,
the common ways of choosing random numbers, such as using the
current time, are very easy to guess.
is a keyserver interface routine. It is used to set the key for
char name[\s-1MAXNETNAMELEN\s0];
installs the unique, operating-system independent netname of
the caller in the fixed-length array
netname2host(name, host, hostlen)
Convert from an operating-system independent netname to a
domain-specific hostname. Returns
netname2user(name, uidp, gidp, gidlenp, gidlist)
Convert from an operating-system independent netname to a
user2netname(name, uid, domain)
Convert from a domain-specific username to an operating-system
independent netname. Returns
Remote Procedure Calls: Protocol Specification
Remote Procedure Call Programming Guide
.IR "\s-1RPC\s0: Remote Procedure Call Protocol Specification" ,
.SM RFC1050, Sun Microsystems, Inc.,