Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

secure_rpc(3n) [hpux man page]

secure_rpc(3N)															    secure_rpc(3N)

NAME
secure_rpc: authdes_getucred(), authdes_seccreate(), getnetname(), host2netname(), key_decryptsession(), key_encryptsession(), key_gen- des(), key_setsecret(), key_secretkey_is_set(), netname2host(), netname2user(), user2netname() - library routines for secure remote proce- dure calls SYNOPSIS
DESCRIPTION
RPC library routines allow C programs to make procedure calls on other machines across the network. RPC supports various authentication flavors. Among them are: No authentication (none). Traditional UNIX-style authentication. DES encryption-based authentication. The and routines implement the authentication flavor. The keyserver daemon (see keyserv(1M)) must be running for the authentication system to work, and keylogin(1) must have been run. Only the style of authentication is discussed here. For information about the and styles of authentication, refer to rpc_clnt_auth(3N). The routines documented on this page are Thread Safe. For the other authentication styles, see the section of the routines' respective manual pages. The HP-UX implementation of RPC only supports the X/Open Transport Interface (XTI). Applications that are written using the Transport Layer Interface (TLI) and wish to use RPC, must convert their application to XTI. Routines See rpc(3N) for the definition of the data structure. This is the first of two functions that interface to the RPC secure authentication system The second is the function. The function is used on the server side to convert an credential, which is operating system independent, to an credential. The function returns if it succeeds, if it fails. The parameter is set to the user's numerical ID associated with adc. The parameter is set to the numerical ID of the user's group. The parameter contains the numerical IDs of the other groups to which the user belongs. The is set to the number of valid group ID entries specified by the parameter. The function fails if the structure was created with the netname of a host. In such a case, should be used to get the host name from the host netname in the structure. The second of two authentication functions, the function is used on the client side to return an authentication handle that will enable the use of the secure authentication system. The first parameter, name, specifies the network name netname of the owner of the server process. This field usually represents a hostname derived from the utility, but could also represent a user name converted with the utility. The second parameter, window, specifies the validity of the client credential in seconds. If the difference in time between the client's clock and the server's clock exceeds window, the server rejects the client's credentials and the clock will have to be resynchronized. A small window is more secure than a large one, but choosing too small a window increases the frequency of resyn- chronization due to clock drift. The third parameter, timehost, is the host's name and is optional. If timehost is NULL, the authentication system assumes that the local clock is always in sync with the timehost clock, and does not attempt resynchronization. If a timehost is supplied, the sys- tem consults the remote time service whenever resynchronization is required. The timehost parameter is usually the name of the host on which the server is running. The final parameter, ckey, is also optional. If ckey is NULL, the authentication system will generate a random DES key to be used for the encryption of credentials. If ckey is supplied, it is used for encryption. If fails, it returns NULL. This function returns the unique, operating system independent netname of the caller in the fixed-length array name. The function returns if it succeeds and if it fails. This function converts a domain-specific hostname host to an operating system independent netname. The function returns if it succeeds and if it fails. The function is the inverse of the function. If the domain is NULL, uses the default domain name of the machine. If host is NULL, it defaults to that machine itself. If domain is NULL and host is an NIS name such as the function uses the domain rather than the default domain name of the machine. This function is an interface to the keyserver daemon, which is associated with RPC's secure authentication system authentication). User programs rarely need to call or the associated functions and The function takes a server netname remotename and a DES key deskey, and decrypts the key by using the public key of the server and the secret key associated with the effective UID of the calling process. The function is the inverse of the function. The function returns if it succeeds, if it fails. This function is a keyserver interface routine that takes a server netname remotename and a DES key deskey, and encrypts the key using the public key of the server and the secret key associated with the effective UID of the calling process. If the keyserver does not have a key registered for the UID, it falls back to using the secret key for the netname unless this feature has been disabled. See keyserv(1M). The function is the inverse of the function. The function returns if it succeeds, if it fails. This is a keyserver interface function used to ask the keyserver for a secure conversation key. Selecting a conversation key at random is generally not secure because the common ways of choosing random numbers are too easy to guess. The function returns if it succeeds, if it fails. This is a keyserver interface function used to set the key for the effective UID of the calling process. This function returns if it succeeds, if it fails. This is a keyserver interface function used to determine if a key has been set for the effective UID of the calling process. If the keyserver has a key stored for the effective UID of the calling process, the function returns Otherwise it returns This function converts an operating system independent netname name to a domain-specific hostname host. The hostlen parameter is the maximum size of host. The function returns if it succeeds and if it fails. The function is the inverse of the function. This function converts an operating system independent netname to a domain-specific user ID. The function returns if it succeeds and if it fails. The function is the inverse of the function. The parameter is set to the user's numerical ID associated with name. The parameter is set to the numerical ID of the user's group. The gidlist parameter contains the numerical IDs of the other groups to which the user belongs. The parameter is set to the number of valid group ID entries specified by the gidlist parameter. This function converts a domain-specific username to an operating system independent netname. The function returns if it succeeds and if it fails. The function is the inverse of the function. MULTITHREAD USAGE
Thread Safe: Yes Cancel Safe: Yes Fork Safe: No Async-cancel Safe: No Async-signal Safe: No These functions can be called safely in a multithreaded environment. They may be cancellation points in that they call functions that are cancel points. In a multithreaded environment, these functions are not safe to be called by a child process after and before These functions should not be called by a multithreaded application that supports asynchronous cancellation or asynchronous signals. SEE ALSO
chkey(1), keyserv(1M), newkey(1M), rpc(3N), rpc_clnt_auth(3N). secure_rpc(3N)
Man Page