rpc_secure.3 (50476) | rpc_secure.3 (57686) |
---|---|
1.\" @(#)rpc_secure.3n 2.1 88/08/08 4.0 RPCSRC; from 1.19 88/06/24 SMI | 1.\" @(#)rpc_secure.3n 2.1 88/08/08 4.0 RPCSRC; from 1.19 88/06/24 SMI |
2.\" $FreeBSD: head/lib/libc/rpc/rpc_secure.3 50476 1999-08-28 00:22:10Z peter $ | 2.\" $FreeBSD: head/lib/libc/rpc/rpc_secure.3 57686 2000-03-02 09:14:21Z sheldonh $ |
3.\" 4.Dd February 16, 1988 5.Dt RPC 3 6.Sh NAME 7.Nm rpc_secure 8.Nd library routines for secure remote procedure calls 9.Sh SYNOPSIS 10.Fd #include <rpc/rpc.h> --- 53 unchanged lines hidden (view full) --- 64.Pp 65.Fn Authdes_create , 66used on the client side, returns an authentication handle that 67will enable the use of the secure authentication system. 68The first parameter 69.Fa name 70is the network name, or 71.Fa netname , | 3.\" 4.Dd February 16, 1988 5.Dt RPC 3 6.Sh NAME 7.Nm rpc_secure 8.Nd library routines for secure remote procedure calls 9.Sh SYNOPSIS 10.Fd #include <rpc/rpc.h> --- 53 unchanged lines hidden (view full) --- 64.Pp 65.Fn Authdes_create , 66used on the client side, returns an authentication handle that 67will enable the use of the secure authentication system. 68The first parameter 69.Fa name 70is the network name, or 71.Fa netname , |
72of the owner of the server process. This field usually | 72of the owner of the server process. 73This field usually |
73represents a 74.Fa hostname 75derived from the utility routine 76.Fn host2netname , 77but could also represent a user name using 78.Fn user2netname . 79The second field is window on the validity of 80the client credential, given in seconds. A small 81window is more secure than a large one, but choosing 82too small of a window will increase the frequency of | 74represents a 75.Fa hostname 76derived from the utility routine 77.Fn host2netname , 78but could also represent a user name using 79.Fn user2netname . 80The second field is window on the validity of 81the client credential, given in seconds. A small 82window is more secure than a large one, but choosing 83too small of a window will increase the frequency of |
83resynchronizations because of clock drift. The third | 84resynchronizations because of clock drift. 85The third |
84parameter 85.Fa addr 86is optional. If it is 87.Dv NULL , 88then the authentication system will assume 89that the local clock is always in sync with the server's | 86parameter 87.Fa addr 88is optional. If it is 89.Dv NULL , 90then the authentication system will assume 91that the local clock is always in sync with the server's |
90clock, and will not attempt resynchronizations. If an address | 92clock, and will not attempt resynchronizations. 93If an address |
91is supplied, however, then the system will use the address 92for consulting the remote time service whenever 93resynchronization | 94is supplied, however, then the system will use the address 95for consulting the remote time service whenever 96resynchronization |
94is required. This parameter is usually the | 97is required. 98This parameter is usually the |
95address of the 96.Tn RPC | 99address of the 100.Tn RPC |
97server itself. The final parameter | 101server itself. 102The final parameter |
98.Fa ckey 99is also optional. If it is 100.Dv NULL , 101then the authentication system will 102generate a random 103.Tn DES 104key to be used for the encryption of credentials. 105If it is supplied, however, then it will be used instead. 106.Pp 107.Fn Authdes_getucred , 108the second of the two 109.Tn DES 110authentication routines, 111is used on the server side for converting a 112.Tn DES 113credential, which is 114operating system independent, into a 115.Ux | 103.Fa ckey 104is also optional. If it is 105.Dv NULL , 106then the authentication system will 107generate a random 108.Tn DES 109key to be used for the encryption of credentials. 110If it is supplied, however, then it will be used instead. 111.Pp 112.Fn Authdes_getucred , 113the second of the two 114.Tn DES 115authentication routines, 116is used on the server side for converting a 117.Tn DES 118credential, which is 119operating system independent, into a 120.Ux |
116credential. This routine differs from utility routine | 121credential. 122This routine differs from utility routine |
117.Fn netname2user 118in that 119.Fn authdes_getucred 120pulls its information from a cache, and does not have to do a 121Yellow Pages lookup every time it is called to get its information. 122.Pp 123.Fn Getnetname 124installs the unique, operating-system independent netname of 125the 126caller in the fixed-length array 127.Fa name . 128Returns 129.Dv TRUE 130if it succeeds and 131.Dv FALSE 132if it fails. 133.Pp 134.Fn Host2netname 135converts from a domain-specific hostname to an | 123.Fn netname2user 124in that 125.Fn authdes_getucred 126pulls its information from a cache, and does not have to do a 127Yellow Pages lookup every time it is called to get its information. 128.Pp 129.Fn Getnetname 130installs the unique, operating-system independent netname of 131the 132caller in the fixed-length array 133.Fa name . 134Returns 135.Dv TRUE 136if it succeeds and 137.Dv FALSE 138if it fails. 139.Pp 140.Fn Host2netname 141converts from a domain-specific hostname to an |
136operating-system independent netname. Returns | 142operating-system independent netname. 143Returns |
137.Dv TRUE 138if it succeeds and 139.Dv FALSE | 144.Dv TRUE 145if it succeeds and 146.Dv FALSE |
140if it fails. Inverse of | 147if it fails. 148Inverse of |
141.Fn netname2host . 142.Pp 143.Fn Key_decryptsession 144is an interface to the keyserver daemon, which is associated 145with 146.Tn RPC Ns 's 147secure authentication system ( 148.Tn DES --- 14 unchanged lines hidden (view full) --- 163.Tn DES 164key, and decrypts the key by 165using the the public key of the the server and the secret key 166associated with the effective uid of the calling process. It 167is the inverse of 168.Fn key_encryptsession . 169.Pp 170.Fn Key_encryptsession | 149.Fn netname2host . 150.Pp 151.Fn Key_decryptsession 152is an interface to the keyserver daemon, which is associated 153with 154.Tn RPC Ns 's 155secure authentication system ( 156.Tn DES --- 14 unchanged lines hidden (view full) --- 171.Tn DES 172key, and decrypts the key by 173using the the public key of the the server and the secret key 174associated with the effective uid of the calling process. It 175is the inverse of 176.Fn key_encryptsession . 177.Pp 178.Fn Key_encryptsession |
171is a keyserver interface routine. It | 179is a keyserver interface routine. 180It |
172takes a server netname and a des key, and encrypts 173it using the public key of the the server and the secret key 174associated with the effective uid of the calling process. It 175is the inverse of 176.Fn key_decryptsession . 177.Pp 178.Fn Key_gendes | 181takes a server netname and a des key, and encrypts 182it using the public key of the the server and the secret key 183associated with the effective uid of the calling process. It 184is the inverse of 185.Fn key_decryptsession . 186.Pp 187.Fn Key_gendes |
179is a keyserver interface routine. It | 188is a keyserver interface routine. 189It |
180is used to ask the keyserver for a secure conversation key. 181Choosing one 182.Qq random 183is usually not good enough, 184because 185the common ways of choosing random numbers, such as using the 186current time, are very easy to guess. 187.Pp 188.Fn Key_setsecret | 190is used to ask the keyserver for a secure conversation key. 191Choosing one 192.Qq random 193is usually not good enough, 194because 195the common ways of choosing random numbers, such as using the 196current time, are very easy to guess. 197.Pp 198.Fn Key_setsecret |
189is a keyserver interface routine. It is used to set the key for | 199is a keyserver interface routine. 200It is used to set the key for |
190the effective 191.Fa uid 192of the calling process. 193.Pp 194.Fn Netname2host 195converts from an operating-system independent netname to a | 201the effective 202.Fa uid 203of the calling process. 204.Pp 205.Fn Netname2host 206converts from an operating-system independent netname to a |
196domain-specific hostname. Returns | 207domain-specific hostname. 208Returns |
197.Dv TRUE 198if it succeeds and 199.Dv FALSE 200if it fails. Inverse of 201.Fn host2netname . 202.Pp 203.Fn Netname2user 204converts from an operating-system independent netname to a 205domain-specific user ID. 206Returns 207.Dv TRUE 208if it succeeds and 209.Dv FALSE | 209.Dv TRUE 210if it succeeds and 211.Dv FALSE 212if it fails. Inverse of 213.Fn host2netname . 214.Pp 215.Fn Netname2user 216converts from an operating-system independent netname to a 217domain-specific user ID. 218Returns 219.Dv TRUE 220if it succeeds and 221.Dv FALSE |
210if it fails. Inverse of | 222if it fails. 223Inverse of |
211.Fn user2netname . 212.Pp 213.Fn User2netname 214converts from a domain-specific username to an operating-system | 224.Fn user2netname . 225.Pp 226.Fn User2netname 227converts from a domain-specific username to an operating-system |
215independent netname. Returns | 228independent netname. 229Returns |
216.Dv TRUE 217if it succeeds and 218.Dv FALSE | 230.Dv TRUE 231if it succeeds and 232.Dv FALSE |
219if it fails. Inverse of | 233if it fails. 234Inverse of |
220.Fn netname2user . 221.Sh SEE ALSO 222.Xr rpc 3 , 223.Xr xdr 3 , 224.Xr keyserv 8 225.Pp 226The following manuals: 227.Rs --- 12 unchanged lines hidden --- | 235.Fn netname2user . 236.Sh SEE ALSO 237.Xr rpc 3 , 238.Xr xdr 3 , 239.Xr keyserv 8 240.Pp 241The following manuals: 242.Rs --- 12 unchanged lines hidden --- |
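
Review bot: The one-sentence-per-line cleanup is incomplete, so the file still mixes both styles after this revision. New lines 81 ("given in seconds. A small"), 88 ("is optional. If it is"), 104 ("is also optional. If it is"), 174 and 183 ("of the calling process. It") and 212 ("if it fails. Inverse of") still start a sentence mid-line, while the identical "if it fails. Inverse of" pattern was split at new lines 147-148, 222-223 and 233-234. Break those six places the same way so the whole page follows one convention.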
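
Review bot: Several wording errors sit on lines this revision passes over or renumbers and are carried through unchanged: "using the the public key of the the server" at new line 173, "the public key of the the server" at new line 182, "The second field is window on the validity" (missing "a") at new line 80, and a bare "des key" at new line 181 where the rest of the page uses ".Tn DES". Since this is a whitespace-only change, a follow-up content commit fixing these would keep the history clean.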
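
Review bot: The function names are capitalized inside the .Fn macro wherever they open a sentence (".Fn Authdes_create" at new line 65, ".Fn Authdes_getucred" at 112, ".Fn Key_gendes" at 187, and so on), so the rendered page shows identifiers that do not match how the same routines are written elsewhere on the page, for example ".Fn authdes_getucred" at new line 125 and ".Fn key_encryptsession" at 176. Not introduced here, but worth correcting alongside this markup pass: keep the lowercase name in .Fn and reword the sentence opening instead, for example "The .Fn authdes_create function, used on the client side, ...".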