secure_rpc(3N)secure_rpc(3N)NAME
secure_rpc: authdes_getucred(), authdes_seccreate(), getnetname(),
host2netname(), key_decryptsession(), key_encryptsession(), key_gen‐
des(), key_setsecret(), key_secretkey_is_set(), netname2host(), net‐
name2user(), user2netname() - library routines for secure remote proce‐
dure calls
SYNOPSISDESCRIPTION
RPC library routines allow C programs to make procedure calls on other
machines across the network.
RPC supports various authentication flavors. Among them are:
No authentication (none).
Traditional UNIX-style authentication.
DES encryption-based authentication.
The and routines implement the authentication flavor. The keyserver
daemon (see keyserv(1M)) must be running for the authentication system
to work, and keylogin(1) must have been run. Only the style of authen‐
tication is discussed here. For information about the and styles of
authentication, refer to rpc_clnt_auth(3N).
The routines documented on this page are Thread Safe. For the other
authentication styles, see the section of the routines' respective man‐
ual pages.
The HP-UX implementation of RPC only supports the X/Open Transport
Interface (XTI). Applications that are written using the Transport
Layer Interface (TLI) and wish to use RPC, must convert their applica‐
tion to XTI.
Routines
See rpc(3N) for the definition of the data structure.
This is the first of two functions that interface to the
RPC secure authentication system The second is the function.
The function is used on the server side to convert an creden‐
tial, which is operating system independent, to an credential.
The function returns if it succeeds, if it fails.
The parameter is set to the user's numerical ID associated with
adc. The parameter is set to the numerical ID of the user's
group. The parameter contains the numerical IDs of the other
groups to which the user belongs. The is set to the number of
valid group ID entries specified by the parameter.
The function fails if the structure was created with the netname
of a host. In such a case, should be used to get the host name
from the host netname in the structure.
The second of two
authentication functions, the function is used on the client
side to return an authentication handle that will enable the use
of the secure authentication system. The first parameter, name,
specifies the network name netname of the owner of the server
process. This field usually represents a hostname derived from
the utility, but could also represent a user name converted with
the utility.
The second parameter, window, specifies the validity of the
client credential in seconds. If the difference in time between
the client's clock and the server's clock exceeds window, the
server rejects the client's credentials and the clock will have
to be resynchronized. A small window is more secure than a
large one, but choosing too small a window increases the fre‐
quency of resynchronization due to clock drift.
The third parameter, timehost, is the host's name and is
optional. If timehost is NULL, the authentication system
assumes that the local clock is always in sync with the timehost
clock, and does not attempt resynchronization. If a timehost is
supplied, the system consults the remote time service whenever
resynchronization is required. The timehost parameter is usu‐
ally the name of the host on which the server is running.
The final parameter, ckey, is also optional. If ckey is NULL,
the authentication system will generate a random DES key to be
used for the encryption of credentials. If ckey is supplied, it
is used for encryption.
If fails, it returns NULL.
This function returns the unique, operating system independent netname
of the caller in the fixed-length array name. The function
returns if it succeeds and if it fails.
This function converts a domain-specific hostname
host to an operating system independent netname. The function
returns if it succeeds and if it fails. The function is the
inverse of the function. If the domain is NULL, uses the
default domain name of the machine. If host is NULL, it
defaults to that machine itself. If domain is NULL and host is
an NIS name such as the function uses the domain rather than the
default domain name of the machine.
This function is an interface to the keyserver daemon, which is
associated with RPC's secure authentication system authentica‐
tion). User programs rarely need to call or the associated
functions and
The function takes a server netname remotename and a DES key
deskey, and decrypts the key by using the public key of the
server and the secret key associated with the effective UID of
the calling process. The function is the inverse of the func‐
tion. The function returns if it succeeds, if it fails.
This function is a keyserver interface routine that takes a server net‐
name
remotename and a DES key deskey, and encrypts the key using the
public key of the server and the secret key associated with the
effective UID of the calling process. If the keyserver does not
have a key registered for the UID, it falls back to using the
secret key for the netname unless this feature has been dis‐
abled. See keyserv(1M). The function is the inverse of the
function. The function returns if it succeeds, if it fails.
This is a keyserver interface function used to ask the keyserver for a
secure conversation key. Selecting a conversation key at random
is generally not secure because the common ways of choosing ran‐
dom numbers are too easy to guess. The function returns if it
succeeds, if it fails.
This is a keyserver interface function used to set the key for the
effective UID of the calling process. This function returns if
it succeeds, if it fails.
This is a keyserver interface function used to determine if a key
has been set for the effective UID of the calling process. If
the keyserver has a key stored for the effective UID of the
calling process, the function returns Otherwise it returns
This function converts an operating system independent netname
name to a domain-specific hostname host. The hostlen parameter
is the maximum size of host. The function returns if it suc‐
ceeds and if it fails. The function is the inverse of the func‐
tion.
This function converts an operating system independent netname to a
domain-specific user ID. The function returns if it succeeds
and if it fails. The function is the inverse of the function.
The parameter is set to the user's numerical ID associated with
name. The parameter is set to the numerical ID of the user's
group. The gidlist parameter contains the numerical IDs of the
other groups to which the user belongs. The parameter is set to
the number of valid group ID entries specified by the gidlist
parameter.
This function converts a domain-specific username to an operating
system independent netname. The function returns if it succeeds
and if it fails. The function is the inverse of the function.
MULTITHREAD USAGE
Thread Safe: Yes
Cancel Safe: Yes
Fork Safe: No
Async-cancel Safe: No
Async-signal Safe: No
These functions can be called safely in a multithreaded environment.
They may be cancellation points in that they call functions that are
cancel points.
In a multithreaded environment, these functions are not safe to be
called by a child process after and before These functions should not
be called by a multithreaded application that supports asynchronous
cancellation or asynchronous signals.
SEE ALSOchkey(1), keyserv(1M), newkey(1M), rpc(3N), rpc_clnt_auth(3N).
secure_rpc(3N)