.\" @(#)rpc_secure.3n 2.1 88/08/08 4.0 RPCSRC; from 1.19 88/06/24 SMI
.\" $FreeBSD: src/lib/libc/rpc/rpc_secure.3,v 1.6.2.5 2001/12/14 18:33:57 ru Exp $
.Nd library routines for secure remote procedure calls
.Fa "struct sockaddr *addr"
.Fn authdes_getucred "struct authdes_cred *adc" "uid_t *uid" "gid_t *gid" "int *grouplen" "gid_t *groups"
.Fn getnetname "char *name"
.Fn host2netname "char *name" "char *host" "char *domain"
.Fn key_decryptsession "const char *remotename" "des_block *deskey"
.Fn key_encryptsession "const char *remotename" "des_block *deskey"
.Fn key_gendes "des_block *deskey"
.Fn key_setsecret "const char *key"
.Fn netname2host "char *name" "char *host" "int hostlen"
.Fn netname2user "char *name" "uid_t *uidp" "gid_t *gidp" "int *gidlenp" "gid_t *gidlist"
.Fn user2netname "char *name" "uid_t uid" "char *domain"
These routines are part of the
library. They implement
for further details about
is the first of two routines which interface to the
secure authentication system, known as
.Fn authdes_getucred ,
Note: the keyserver daemon
must be running for the
authentication system to work.
used on the client side, returns an authentication handle that
will enable the use of the secure authentication system.
is the network name, or
of the owner of the server process.
derived from the utility routine
but could also represent a user name using
The second field is a window on the validity of
the client credential, given in seconds. A small
window is more secure than a large one, but choosing
too small a window will increase the frequency of
resynchronizations because of clock drift.
then the authentication system will assume
that the local clock is always in sync with the server's
clock, and will not attempt resynchronizations.
is supplied, however, then the system will use the address
for consulting the remote time service whenever
This parameter is usually the
is also optional. If it is
then the authentication system will
key to be used for the encryption of credentials.
If it is supplied, however, then it will be used instead.
.Fn Authdes_getucred ,
the second of the two
authentication routines,
is used on the server side for converting a
operating system independent, into a
This routine differs from utility routine
pulls its information from a cache, and does not have to do a
Yellow Pages lookup every time it is called to get its information.
installs the unique, operating-system independent netname of
caller in the fixed-length array
converts from a domain-specific hostname to an
operating-system independent netname.
.Fn Key_decryptsession
is an interface to the keyserver daemon, which is associated
secure authentication system
User programs rarely need to call it, or its associated routines
.Fn key_encryptsession ,
System commands such as
library are the main clients of these four routines.
.Fn Key_decryptsession
takes a server netname and a
key, and decrypts the key by
using the public key of the server and the secret key
associated with the effective uid of the calling process. It
.Fn key_encryptsession .
.Fn Key_encryptsession
is a keyserver interface routine.
takes a server netname and a des key, and encrypts
it using the public key of the server and the secret key
associated with the effective uid of the calling process. It
.Fn key_decryptsession .
is a keyserver interface routine.
is used to ask the keyserver for a secure conversation key.
is usually not good enough,
the common ways of choosing random numbers, such as using the
current time, are very easy to guess.
is a keyserver interface routine.
It is used to set the key for
of the calling process.
converts from an operating-system independent netname to a
domain-specific hostname.
if it fails. Inverse of
converts from an operating-system independent netname to a
domain-specific user ID.
converts from a domain-specific username to an operating-system
The following manuals:
.%B Remote Procedure Calls: Protocol Specification
.%B Remote Procedure Call Programming Guide
.%B Rpcgen Programming Guide
.%B RPC: Remote Procedure Call Protocol Specification
.%O RFC1050, Sun Microsystems Inc., USC-ISI