1.\" @(#)rpc_secure.3n 2.1 88/08/08 4.0 RPCSRC; from 1.19 88/06/24 SMI
2.\" $FreeBSD: head/lib/libc/rpc/rpc_secure.3 50476 1999-08-28 00:22:10Z peter $
3.\"
4.Dd February 16, 1988
5.Dt RPC 3
6.Sh NAME
7.Nm rpc_secure
8.Nd library routines for secure remote procedure calls
9.Sh SYNOPSIS
10.Fd #include <rpc/rpc.h>
--- 53 unchanged lines hidden (view full) ---
64.Pp
65.Fn Authdes_create ,
66used on the client side, returns an authentication handle that
67will enable the use of the secure authentication system.
68The first parameter
69.Fa name
70is the network name, or
71.Fa netname ,
72of the owner of the server process. This field usually
73represents a
74.Fa hostname
75derived from the utility routine
76.Fn host2netname ,
77but could also represent a user name using
78.Fn user2netname .
79The second field is window on the validity of
80the client credential, given in seconds. A small
81window is more secure than a large one, but choosing
82too small of a window will increase the frequency of
83resynchronizations because of clock drift. The third
84parameter
85.Fa addr
86is optional. If it is
87.Dv NULL ,
88then the authentication system will assume
89that the local clock is always in sync with the server's
90clock, and will not attempt resynchronizations. If an address
91is supplied, however, then the system will use the address
92for consulting the remote time service whenever
93resynchronization
94is required. This parameter is usually the
95address of the
96.Tn RPC
97server itself. The final parameter
98.Fa ckey
99is also optional. If it is
100.Dv NULL ,
101then the authentication system will
102generate a random
103.Tn DES
104key to be used for the encryption of credentials.
105If it is supplied, however, then it will be used instead.
106.Pp
107.Fn Authdes_getucred ,
108the second of the two
109.Tn DES
110authentication routines,
111is used on the server side for converting a
112.Tn DES
113credential, which is
114operating system independent, into a
115.Ux
116credential. This routine differs from utility routine
117.Fn netname2user
118in that
119.Fn authdes_getucred
120pulls its information from a cache, and does not have to do a
121Yellow Pages lookup every time it is called to get its information.
122.Pp
123.Fn Getnetname
124installs the unique, operating-system independent netname of
125the
126caller in the fixed-length array
127.Fa name .
128Returns
129.Dv TRUE
130if it succeeds and
131.Dv FALSE
132if it fails.
133.Pp
134.Fn Host2netname
135converts from a domain-specific hostname to an
136operating-system independent netname. Returns
137.Dv TRUE
138if it succeeds and
139.Dv FALSE
140if it fails. Inverse of
141.Fn netname2host .
142.Pp
143.Fn Key_decryptsession
144is an interface to the keyserver daemon, which is associated
145with
146.Tn RPC Ns 's
147secure authentication system (
148.Tn DES
--- 14 unchanged lines hidden (view full) ---
163.Tn DES
164key, and decrypts the key by
165using the the public key of the the server and the secret key
166associated with the effective uid of the calling process. It
167is the inverse of
168.Fn key_encryptsession .
169.Pp
170.Fn Key_encryptsession
171is a keyserver interface routine. It
172takes a server netname and a des key, and encrypts
173it using the public key of the the server and the secret key
174associated with the effective uid of the calling process. It
175is the inverse of
176.Fn key_decryptsession .
177.Pp
178.Fn Key_gendes
179is a keyserver interface routine. It
180is used to ask the keyserver for a secure conversation key.
181Choosing one
182.Qq random
183is usually not good enough,
184because
185the common ways of choosing random numbers, such as using the
186current time, are very easy to guess.
187.Pp
188.Fn Key_setsecret
189is a keyserver interface routine. It is used to set the key for
190the effective
191.Fa uid
192of the calling process.
193.Pp
194.Fn Netname2host
195converts from an operating-system independent netname to a
196domain-specific hostname. Returns
197.Dv TRUE
198if it succeeds and
199.Dv FALSE
200if it fails. Inverse of
201.Fn host2netname .
202.Pp
203.Fn Netname2user
204converts from an operating-system independent netname to a
205domain-specific user ID.
206Returns
207.Dv TRUE
208if it succeeds and
209.Dv FALSE
210if it fails. Inverse of
211.Fn user2netname .
212.Pp
213.Fn User2netname
214converts from a domain-specific username to an operating-system
215independent netname. Returns
216.Dv TRUE
217if it succeeds and
218.Dv FALSE
219if it fails. Inverse of
220.Fn netname2user .
221.Sh SEE ALSO
222.Xr rpc 3 ,
223.Xr xdr 3 ,
224.Xr keyserv 8
225.Pp
226The following manuals:
227.Rs
--- 12 unchanged lines hidden ---
2.\" $FreeBSD: head/lib/libc/rpc/rpc_secure.3 50476 1999-08-28 00:22:10Z peter $
3.\"
4.Dd February 16, 1988
5.Dt RPC 3
6.Sh NAME
7.Nm rpc_secure
8.Nd library routines for secure remote procedure calls
9.Sh SYNOPSIS
10.Fd #include <rpc/rpc.h>
--- 53 unchanged lines hidden (view full) ---
64.Pp
65.Fn Authdes_create ,
66used on the client side, returns an authentication handle that
67will enable the use of the secure authentication system.
68The first parameter
69.Fa name
70is the network name, or
71.Fa netname ,
72of the owner of the server process. This field usually
73represents a
74.Fa hostname
75derived from the utility routine
76.Fn host2netname ,
77but could also represent a user name using
78.Fn user2netname .
79The second field is window on the validity of
80the client credential, given in seconds. A small
81window is more secure than a large one, but choosing
82too small of a window will increase the frequency of
83resynchronizations because of clock drift. The third
84parameter
85.Fa addr
86is optional. If it is
87.Dv NULL ,
88then the authentication system will assume
89that the local clock is always in sync with the server's
90clock, and will not attempt resynchronizations. If an address
91is supplied, however, then the system will use the address
92for consulting the remote time service whenever
93resynchronization
94is required. This parameter is usually the
95address of the
96.Tn RPC
97server itself. The final parameter
98.Fa ckey
99is also optional. If it is
100.Dv NULL ,
101then the authentication system will
102generate a random
103.Tn DES
104key to be used for the encryption of credentials.
105If it is supplied, however, then it will be used instead.
106.Pp
107.Fn Authdes_getucred ,
108the second of the two
109.Tn DES
110authentication routines,
111is used on the server side for converting a
112.Tn DES
113credential, which is
114operating system independent, into a
115.Ux
116credential. This routine differs from utility routine
117.Fn netname2user
118in that
119.Fn authdes_getucred
120pulls its information from a cache, and does not have to do a
121Yellow Pages lookup every time it is called to get its information.
122.Pp
123.Fn Getnetname
124installs the unique, operating-system independent netname of
125the
126caller in the fixed-length array
127.Fa name .
128Returns
129.Dv TRUE
130if it succeeds and
131.Dv FALSE
132if it fails.
133.Pp
134.Fn Host2netname
135converts from a domain-specific hostname to an
136operating-system independent netname. Returns
137.Dv TRUE
138if it succeeds and
139.Dv FALSE
140if it fails. Inverse of
141.Fn netname2host .
142.Pp
143.Fn Key_decryptsession
144is an interface to the keyserver daemon, which is associated
145with
146.Tn RPC Ns 's
147secure authentication system (
148.Tn DES
--- 14 unchanged lines hidden (view full) ---
163.Tn DES
164key, and decrypts the key by
165using the the public key of the the server and the secret key
166associated with the effective uid of the calling process. It
167is the inverse of
168.Fn key_encryptsession .
169.Pp
170.Fn Key_encryptsession
171is a keyserver interface routine. It
172takes a server netname and a des key, and encrypts
173it using the public key of the the server and the secret key
174associated with the effective uid of the calling process. It
175is the inverse of
176.Fn key_decryptsession .
177.Pp
178.Fn Key_gendes
179is a keyserver interface routine. It
180is used to ask the keyserver for a secure conversation key.
181Choosing one
182.Qq random
183is usually not good enough,
184because
185the common ways of choosing random numbers, such as using the
186current time, are very easy to guess.
187.Pp
188.Fn Key_setsecret
189is a keyserver interface routine. It is used to set the key for
190the effective
191.Fa uid
192of the calling process.
193.Pp
194.Fn Netname2host
195converts from an operating-system independent netname to a
196domain-specific hostname. Returns
197.Dv TRUE
198if it succeeds and
199.Dv FALSE
200if it fails. Inverse of
201.Fn host2netname .
202.Pp
203.Fn Netname2user
204converts from an operating-system independent netname to a
205domain-specific user ID.
206Returns
207.Dv TRUE
208if it succeeds and
209.Dv FALSE
210if it fails. Inverse of
211.Fn user2netname .
212.Pp
213.Fn User2netname
214converts from a domain-specific username to an operating-system
215independent netname. Returns
216.Dv TRUE
217if it succeeds and
218.Dv FALSE
219if it fails. Inverse of
220.Fn netname2user .
221.Sh SEE ALSO
222.Xr rpc 3 ,
223.Xr xdr 3 ,
224.Xr keyserv 8
225.Pp
226The following manuals:
227.Rs
--- 12 unchanged lines hidden ---