This appendix lists possible values for several arguments used by authentication-related RPC routines. The RPC API authentication-related routines are designed to be authentication and authorisation service-independent, but the values taken by some arguments to these routines are necessarily service-specific. The ISO C standard currently specifies some authentication and authorisation services, but implementations may use others, and the ISO C standard may in the future specify others. This appendix specifies argument values that are applicable to the services currently specified in the ISO C standard. The use of these values assures portability of applications to implementations that use the services specified in the ISO C standard.
The authn_svc argument is used to specify an authentication service. The following list gives the possible values for currently specified authentication services.
The authz_svc argument is used to specify an authorisation service. The following list gives the possible values for currently specified authorisation services:
The protect_level argument is used to specify which level of protection to apply to authenticated RPC communications. The following list gives possible values for this argument:
The protection-level values are listed in canonical order from the lowest to highest level of protection. However, except for the first two levels, the actual definition of each level depends on the underlying protocol, and not all levels may be provided by all protocols.
When an application calls the rpc_set_auth_info routine with a protection level that is not supported, the RPC run-time system attempts to upgrade the request to the next highest supported level.
The privs argument returns a handle to the authorisation or privilege information for a client binding handle. An application must cast this value to an appropriate type for the authorisation service in use.
For authz_svc value: | privs contains this data: | Use this cast: |
---|---|---|
rpc_authz_none | A NULL value. | None |
rpc_authz_name | The calling client's principal name. | (unsigned_char_t *) |
rpc_authz_dce | The calling client's privilege attribute certificate. | (sec_id_pac_t *) |
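
A server-side check built on the table above, as an added example that is not part of the specification: it enforces a minimum protection level and casts privs only after testing authz_svc, denying access when the service is unknown. The numeric enum values, the EX_LEVEL_* names, example_pac_t and check_client() are assumptions for illustration; a real server takes the constants and sec_id_pac_t from the DCE headers.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins so the example builds without DCE headers. The numeric values
 * and the PAC layout are assumptions, not taken from the specification. */
enum { rpc_authz_none, rpc_authz_name, rpc_authz_dce };
enum { EX_LEVEL_DEFAULT, EX_LEVEL_NONE, EX_LEVEL_CONNECT, EX_LEVEL_CALL,
       EX_LEVEL_PKT, EX_LEVEL_PKT_INTEG, EX_LEVEL_PKT_PRIVACY };
typedef struct { unsigned realm_id, principal_id; } example_pac_t;
typedef enum { ACCESS_DENIED = 0, ACCESS_GRANTED = 1 } decision_t;

/* Decide access from the values a server obtained for a client binding.
 * privs is cast only after authz_svc says which type it points to. */
decision_t check_client(unsigned authz_svc, unsigned protect_level,
                        const void *privs, unsigned min_level,
                        const char *allowed_name, unsigned allowed_principal)
{
    /* Levels are ordered lowest to highest, so a numeric floor works
     * (assumes the constants ascend in that canonical order). */
    if (protect_level < min_level)
        return ACCESS_DENIED;

    switch (authz_svc) {
    case rpc_authz_name: {   /* privs is the client's principal name */
        const unsigned char *name = (const unsigned char *)privs;
        if (name == NULL || allowed_name == NULL)
            return ACCESS_DENIED;
        return strcmp((const char *)name, allowed_name) == 0
                   ? ACCESS_GRANTED : ACCESS_DENIED;
    }
    case rpc_authz_dce: {    /* privs is a privilege attribute certificate */
        const example_pac_t *pac = (const example_pac_t *)privs;
        if (pac == NULL)
            return ACCESS_DENIED;
        return pac->principal_id == allowed_principal
                   ? ACCESS_GRANTED : ACCESS_DENIED;
    }
    case rpc_authz_none:     /* privs is NULL: no identity to authorise */
    default:                 /* unknown service: never guess the type */
        return ACCESS_DENIED;
    }
}

int main(void)
{
    example_pac_t pac = { 1, 42 };   /* constructed sample PAC */
    return check_client(rpc_authz_dce, EX_LEVEL_PKT_INTEG, &pac,
                        EX_LEVEL_PKT_INTEG, "alice", 42) == ACCESS_GRANTED ? 0 : 1;
}
```
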
The server_princ_name argument specifies a server principal name. The syntax of this name depends on the authentication service in use. This syntax will be specified in the DCE: Security Services specification.
The auth_identity argument specifies an application's authentication and authorisation credentials.
When using the rpc_c_authn_dce_secret authentication service and any authorisation service, this value must be a sec_login_handle_t.
When a server application calls rpc_server_register_auth_info() to register authentication information with the RPC run-time system, it specifies an authentication service, using the authn_svc argument. It may also specify a server-provided key acquisition function, using the get_key_fn argument. To specify the default key acquisition function for the authentication service specified by authn_svc, the application supplies NULL for the get_key_fn argument. The application may also supply an argument to be passed to the key acquisition function, using the arg argument.
The values of these arguments determine how the RPC run-time system behaves when it needs to acquire a key for authenticated RPC.
authn_svc | get_key_fn | arg | Run-time Behaviour |
---|---|---|---|
rpc_c_authn_default | Ignored | NULL | Uses the default method of encryption key acquisition. |
rpc_c_authn_default | Ignored | non-NULL | Uses the default method of encryption key acquisition. The specified argument is passed to the default acquisition function. |
rpc_c_authn_none | Ignored | Ignored | Authentication is not performed. |
rpc_c_authn_dce_secret | NULL | NULL | Uses the default method of encryption key acquisition. |
rpc_c_authn_dce_secret | NULL | non-NULL | Uses the default method of encryption key acquisition. The specified argument is passed to the default acquisition function. |
rpc_c_authn_dce_secret | non-NULL | NULL | Uses the specified encryption key acquisition routine to obtain keys. |
rpc_c_authn_dce_secret | non-NULL | non-NULL | Uses the specified encryption key acquisition routine to obtain keys. The specified argument is passed to the acquisition function. |
Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.