SUMMARY: secure rpc???

From: Thomas Lester (tlester@spain.iakom.com)
Date: Tue Sep 29 1998 - 17:23:50 CDT


Thanks so much to Guy Harris for giving such a complete answer. Read his
comments below. I don't think I can summarize any better!

-t

Original (w/ comments)...

>I was wondering if any of the current or future versions of Solaris come
>with secure rpc?

All versions of Solaris 2.x - *and* 1.x - come with "secure ONC RPC" in
the sense of "DES-authenticated RPC". Whether that should be considered
"secure RPC" is another question, as I seem to remember hearing that the
encryption it uses is not too difficult to crack.

Solaris 2.x, but not 1.x, also comes with Kerberos-authenticated RPC.
2.6 might include GSS-authenticated RPC - the include files mention it,
but the man pages don't.

>Also, what is involved in implementing it

If "it" is "DES-authenticated or Kerberos-authenticated RPC", then it
involves:

        setting up the infrastructure they need (I can't help you on
        that; hopefully, Sun documents all the NIS maps, etc. you have
        to set up - and the Kerberos V7 (yes, V4) infrastructure for
        Kerberos-authenticated RPC);

        writing or configuring your client RPC applications to use it,
        by creating authentication handles for authentication flavors
        AUTH_DES or AUTH_KERB (see "secure_rpc(2n)" on Solaris 2.x, and
        whatever man page is appropriate in 1.x);

        writing your server applications to handle those authentication
        flavors, and possibly configuring the server applications to
        require those flavors.

>What if a connecting workstation doesn't use it?

If the server application doesn't reject AUTH_NONE or AUTH_UNIX, it
should work fine. If it *does* reject them, the client program, if
properly written, will note that fact and fail or whatever.

------------- End Forwarded Message -------------

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+==+=+=+=+=+=+=+=+=+=+=+=
Thomas Lester UNIX Systems Administrator
tlester@iakom.com http://www.iakom.com
----------------------------------------------------------------------
"God wouldn't be up this late!" - The Plague, Hackers
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+==+=+=+=+=+=
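
Added example (not part of the original message or of Sun's code): a self-contained C sketch of the server-side choice described above, reading the credential flavor out of a raw ONC RPC call header and refusing AUTH_NONE/AUTH_UNIX as too weak. The function name, policy constants and sample messages are constructed for illustration; a server built on the RPC library would instead test rqstp->rq_cred.oa_flavor in its dispatch routine and call svcerr_weakauth().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ONC RPC authentication flavor numbers (AUTH_UNIX is also known as AUTH_SYS). */
enum { AUTH_NONE = 0, AUTH_UNIX = 1, AUTH_SHORT = 2, AUTH_DES = 3, AUTH_KERB = 4 };
/* Results of the check; AUTH_TOOWEAK is auth_stat value 5 in the RPC protocol. */
enum { POLICY_ACCEPT = 0, POLICY_MALFORMED = -1, AUTH_TOOWEAK = 5 };

/* Constructed sample call messages (XDR, big-endian); program number is made up. */
static const uint8_t SAMPLE_NONE[] = {
    0,0,0,1, 0,0,0,0, 0,0,0,2, 0x20,0,0,1,  /* xid, msg_type CALL, rpcvers 2, prog */
    0,0,0,1, 0,0,0,0, 0,0,0,0, 0,0,0,0,     /* vers, proc, cred flavor AUTH_NONE, len 0 */
    0,0,0,0, 0,0,0,0 };                     /* verifier: AUTH_NONE, len 0 */
static const uint8_t SAMPLE_DES[] = {
    0,0,0,2, 0,0,0,0, 0,0,0,2, 0x20,0,0,1,
    0,0,0,1, 0,0,0,0, 0,0,0,3, 0,0,0,8,     /* cred flavor AUTH_DES, len 8 */
    0xAA,0xAA,0xAA,0xAA, 0xAA,0xAA,0xAA,0xAA, /* placeholder body, not a real credential */
    0,0,0,0, 0,0,0,0 };

/* Read one big-endian 32-bit XDR word; returns 0 on success, -1 if the buffer is short. */
static int xdr_u32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4) return -1;
    *out = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | buf[off + 3];
    return 0;
}

/* Hypothetical helper: accept only AUTH_DES or AUTH_KERB credentials on a call. */
int check_call_flavor(const uint8_t *msg, size_t len, uint32_t *flavor)
{
    uint32_t mtype, rpcvers, cred_len;
    if (xdr_u32(msg, len, 4, &mtype) || mtype != 0) return POLICY_MALFORMED;   /* 0 = CALL */
    if (xdr_u32(msg, len, 8, &rpcvers) || rpcvers != 2) return POLICY_MALFORMED;
    if (xdr_u32(msg, len, 24, flavor) || xdr_u32(msg, len, 28, &cred_len))
        return POLICY_MALFORMED;
    /* Opaque auth bodies are at most 400 bytes, XDR-padded to 4, and must be present. */
    if (cred_len > 400 || len - 32 < ((cred_len + 3) & ~(uint32_t)3)) return POLICY_MALFORMED;
    if (*flavor == AUTH_DES || *flavor == AUTH_KERB) return POLICY_ACCEPT;
    return AUTH_TOOWEAK;   /* AUTH_NONE, AUTH_UNIX, AUTH_SHORT and unknown flavors */
}

int main(void)
{
    uint32_t f;
    printf("AUTH_NONE call -> %d\n", check_call_flavor(SAMPLE_NONE, sizeof SAMPLE_NONE, &f));
    printf("AUTH_DES call  -> %d\n", check_call_flavor(SAMPLE_DES, sizeof SAMPLE_DES, &f));
    return 0;
}
```

The check only enforces which flavor is presented; verifying the AUTH_DES or AUTH_KERB credential itself is the RPC library's job and is not shown.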



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:49 CDT