Manpages - rpc_secure.3t
These routines are part of the
library. They implement
Authentication. See
for further details about
The
is the first of two routines which interface to the
secure authentication system, known as
authentication. The second is
below.
Note: the keyserver daemon
must be running for the
authentication system to work.
The
function, used on the client side, returns an authentication handle that will enable the use of the secure authentication system. The first argument
is the network name, or
of the owner of the server process. This field usually represents a
derived from the utility routine
but could also represent a user name using
The second field is window on the validity of the client credential, given in seconds. A small window is more secure than a large one, but choosing too small of a window will increase the frequency of resynchronizations because of clock drift. The third argument
is optional. If it is
then the authentication system will assume that the local clock is always in sync with the server’s clock, and will not attempt resynchronizations. If an address is supplied, however, then the system will use the address for consulting the remote time service whenever resynchronization is required. This argument is usually the address of the
server itself. The final argument
is also optional. If it is
then the authentication system will generate a random
key to be used for the encryption of credentials. If it is supplied, however, then it will be used instead.
The
function is identical to
except that the public key needs to be provided at calling time and will not looked up by this function itself.
The
function, the second of the two
authentication routines, is used on the server side for converting a
credential, which is operating system independent, into a
credential. This routine differs from utility routine
in that
pulls its information from a cache, and does not have to do a Yellow Pages lookup every time it is called to get its information.
The
function installs the unique, operating-system independent netname of the caller in the fixed-length array
Returns
if it succeeds and
if it fails.
The
function converts from a domain-specific hostname to an operating-system independent netname. Returns
if it succeeds and
if it fails. Inverse of
The
function is an interface to the keyserver daemon, which is associated with
secure authentication system
authentication). User programs rarely need to call it, or its associated routines
and
System commands such as
and the
library are the main clients of these four routines.
The
function takes a server netname and a
key, and decrypts the key by using the public key of the server and the secret key associated with the effective uid of the calling process. It is the inverse of
The
function is a keyserver interface routine. It takes a server netname and a des key, and encrypts it using the public key of the server and the secret key associated with the effective uid of the calling process. It is the inverse of
The
function is a keyserver interface routine. It is used to ask the keyserver for a secure conversation key. Choosing one
is usually not good enough, because the common ways of choosing random numbers, such as using the current time, are very easy to guess.
The
function is a keyserver interface routine. It is used to set the key for the effective
of the calling process.
The
function converts from an operating-system independent netname to a domain-specific hostname. Returns
if it succeeds and
if it fails. Inverse of
The
function converts from an operating-system independent netname to a domain-specific user ID. Returns
if it succeeds and
if it fails. Inverse of
The
function converts from a domain-specific username to an operating-system independent netname. Returns
if it succeeds and
if it fails. Inverse of
These functions are part of libtirpc.
The following manuals: