Original link:
https://www.ibm.com/support/knowledgecenter/en/ssw_aix_71/com.ibm.aix.progcomc/rpc_auth.htm
The caller may not want to identify itself to the server, and the server may not require an ID from the caller. However, some network services, such as the Network File System (NFS), require stronger security. Remote Procedure Call (RPC) authentication provides a certain degree of security.
The following are part of RPC authentication:
RPC deals only with authentication and not with access control of individual services. Each service must implement its own access control policy and reflect this policy as return statuses in its protocol. The programmer can build additional security and access controls on top of the message authentication.
The authentication subsystem of the RPC package is open-ended. Different forms of authentication can be associated with RPC clients. That is, multiple types of authentication are easily supported at one time. Examples of authentication types include UNIX, DES, and NULL. The default authentication type is none (AUTH_NULL).
RPC Authentication ProtocolThe RPC protocol provisions for authentication of the caller to the server, and vice versa, are provided as part of the RPC protocol.
NULL AuthenticationSometimes, the RPC caller does not know its own identity or the server does not need to know the caller's identity. In these cases, the AUTH_NULL authentication type can be used in both the call message and response messages. The bytes of the opaque_auth
body are undefined. The opaque length should be 0.
UNIX AuthenticationA process calling a remote procedure might need to identify itself as it is identified on the UNIX system. The value of the credential's discriminant of an RPC call message is AUTH_UNIX.
Data Encryption Standard (DES) AuthenticationDES authentication offers more security features than UNIX authentication.
DES Authentication ProtocolThis section explains the DES authentication protocol.
Diffie-Hellman EncryptionThe public key scheme used in DES authentication is Diffie-Hellman with 192-bit keys. The Diffie-Hellman encryption scheme includes two constants: BASE and MODULUS.
