.\" @(#)rpc_secure.3n 2.1 88/08/08 4.0 RPCSRC; from 1.19 88/06/24 SMI
.Nd library routines for secure remote procedure calls
.Fa "struct sockaddr *addr"
.Fn authdes_getucred "struct authdes_cred *adc" "uid_t *uid" "gid_t *gid" "int *grouplen" "gid_t *groups"
.Fn getnetname "char *name"
.Fn host2netname "char *name" "const char *host" "const char *domain"
.Fn key_decryptsession "const char *remotename" "des_block *deskey"
.Fn key_encryptsession "const char *remotename" "des_block *deskey"
.Fn key_gendes "des_block *deskey"
.Fn key_setsecret "const char *key"
.Fn netname2host "char *name" "char *host" "int hostlen"
.Fn netname2user "char *name" "uid_t *uidp" "gid_t *gidp" "int *gidlenp" "gid_t *gidlist"
.Fn user2netname "char *name" "const uid_t uid" "const char *domain"
These routines are part of the
for further details about
is the first of two routines which interface to the
secure authentication system, known as
.Fn authdes_getucred ,
Note: the keyserver daemon
must be running for the
authentication system to work.
used on the client side, returns an authentication handle that
will enable the use of the secure authentication system.
is the network name, or
of the owner of the server process.
derived from the utility routine
but could also represent a user name using
The second field is a window on the validity of
the client credential, given in seconds.
window is more secure than a large one, but choosing
too small a window will increase the frequency of
resynchronizations because of clock drift.
then the authentication system will assume
that the local clock is always in sync with the server's
clock, and will not attempt resynchronizations.
is supplied, however, then the system will use the address
for consulting the remote time service whenever
This argument is usually the
then the authentication system will
key to be used for the encryption of credentials.
If it is supplied, however, then it will be used instead.
the second of the two
authentication routines,
is used on the server side for converting a
operating system independent, into a
This routine differs from utility routine
pulls its information from a cache, and does not have to do a
Yellow Pages lookup every time it is called to get its information.
installs the unique, operating-system independent netname of
caller in the fixed-length array
converts from a domain-specific hostname to an
operating-system independent netname.
.Fn key_decryptsession
is an interface to the keyserver daemon, which is associated
secure authentication system
User programs rarely need to call it, or its associated routines
.Fn key_encryptsession ,
System commands such as
library are the main clients of these four routines.
.Fn key_decryptsession
takes a server netname and a
key, and decrypts the key by
using the public key of the server and the secret key
associated with the effective uid of the calling process.
.Fn key_encryptsession .
.Fn key_encryptsession
is a keyserver interface routine.
takes a server netname and a des key, and encrypts
it using the public key of the server and the secret key
associated with the effective uid of the calling process.
.Fn key_decryptsession .
is a keyserver interface routine.
is used to ask the keyserver for a secure conversation key.
is usually not good enough,
the common ways of choosing random numbers, such as using the
current time, are very easy to guess.
is a keyserver interface routine.
It is used to set the key for
of the calling process.
converts from an operating-system independent netname to a
domain-specific hostname.
converts from an operating-system independent netname to a
domain-specific user ID.
converts from a domain-specific username to an operating-system
The following manuals:
.%B Remote Procedure Calls: Protocol Specification
.%B Remote Procedure Call Programming Guide
.%B Rpcgen Programming Guide
.%B RPC: Remote Procedure Call Protocol Specification
.%O RFC1050, Sun Microsystems Inc., USC-ISI