.\" @(#)rpc_secure.3n 2.1 88/08/08 4.0 RPCSRC; from 1.19 88/06/24 SMI
.\" $FreeBSD: src/lib/libc/rpc/rpc_secure.3,v 1.14 2002/12/19 09:40:23 ru Exp $
.Nd library routines for secure remote procedure calls
.Fa "struct sockaddr *addr"
.Fn authdes_getucred "struct authdes_cred *adc" "uid_t *uid" "gid_t *gid" "int *grouplen" "gid_t *groups"
.Fn getnetname "char *name"
.Fn host2netname "char *name" "const char *host" "const char *domain"
.Fn key_decryptsession "const char *remotename" "des_block *deskey"
.Fn key_encryptsession "const char *remotename" "des_block *deskey"
.Fn key_gendes "des_block *deskey"
.Fn key_setsecret "const char *key"
.Fn netname2host "char *name" "char *host" "int hostlen"
.Fn netname2user "char *name" "uid_t *uidp" "gid_t *gidp" "int *gidlenp" "gid_t *gidlist"
.Fn user2netname "char *name" "const uid_t uid" "const char *domain"
These routines are part of the
library. They implement
for further details about
is the first of two routines which interface to the
secure authentication system, known as
.Fn authdes_getucred ,
Note: the keyserver daemon
must be running for the
authentication system to work.
used on the client side, returns an authentication handle that
will enable the use of the secure authentication system.
is the network name, or
of the owner of the server process.
derived from the utility routine
but could also represent a user name using
The second field is the window on the validity of
the client credential, given in seconds. A small
window is more secure than a large one, but choosing
too small a window will increase the frequency of
resynchronizations because of clock drift.
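The window trade-off above can be seen in a small model of the checks an AUTH_DES server applies to a credential: a timestamp older than the window by the server's clock is rejected, and a timestamp not newer than the last accepted one from the same client is rejected as a replay. This is an added illustration, not code from the manual or from libc; the function and type names and all clock values are constructed.

```c
#include <stdio.h>
#include <time.h>

/* Outcome of validating one credential (constructed model, not libc's). */
enum cred_status { CRED_OK = 0, CRED_EXPIRED, CRED_REPLAY };

/* State a server keeps per client netname: newest timestamp it accepted. */
struct client_state {
    time_t last_accepted;
};

/*
 * Freshness checks on a Secure RPC credential.
 *   client_ts  - timestamp the client placed in its credential
 *   server_now - the server's own clock when the request arrived
 *   window     - validity window in seconds (the value given to authdes_seccreate)
 *   st         - replay state for this client
 */
enum cred_status check_credential(time_t client_ts, time_t server_now,
                                  unsigned window, struct client_state *st)
{
    /* Replay: each credential must be strictly newer than the last accepted one. */
    if (client_ts <= st->last_accepted)
        return CRED_REPLAY;
    /* Expiry: older than 'window' seconds by the server's clock. A client whose
     * clock has drifted behind by more than the window sees exactly this and
     * must resynchronize, which is why a tiny window costs extra round trips. */
    if (server_now - client_ts > (time_t)window)
        return CRED_EXPIRED;
    st->last_accepted = client_ts;
    return CRED_OK;
}

int main(void)
{
    struct client_state st = { 0 };
    const unsigned window = 60;     /* seconds */
    time_t now = 1000000;           /* constructed server clock value */

    /* Client clock 30 s behind the server: inside the window, accepted (0). */
    printf("drift 30s: %d\n", check_credential(now - 30, now, window, &st));
    /* The same credential presented a second time: rejected as a replay (2). */
    printf("repeated:  %d\n", check_credential(now - 30, now, window, &st));
    /* 100 s later, client clock 90 s behind: outside the window, expired (1). */
    printf("drift 90s: %d\n", check_credential(now + 100 - 90, now + 100, window, &st));
    return 0;
}
```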
then the authentication system will assume
that the local clock is always in sync with the server's
clock, and will not attempt resynchronizations.
is supplied, however, then the system will use the address
for consulting the remote time service whenever
This argument is usually the
is also optional. If it is
then the authentication system will
key to be used for the encryption of credentials.
If it is supplied, however, then it will be used instead.
the second of the two
authentication routines,
is used on the server side for converting a
operating-system independent, into a
This routine differs from utility routine
pulls its information from a cache, and does not have to do a
Yellow Pages lookup every time it is called to get its information.
installs the unique, operating-system independent netname of
caller in the fixed-length array
converts from a domain-specific hostname to an
operating-system independent netname.
.Fn key_decryptsession
is an interface to the keyserver daemon, which is associated
secure authentication system
User programs rarely need to call it, or its associated routines
.Fn key_encryptsession ,
System commands such as
library are the main clients of these four routines.
.Fn key_decryptsession
takes a server netname and a
key, and decrypts the key by
using the public key of the server and the secret key
associated with the effective uid of the calling process. It
.Fn key_encryptsession .
.Fn key_encryptsession
is a keyserver interface routine.
takes a server netname and a des key, and encrypts
it using the public key of the server and the secret key
associated with the effective uid of the calling process. It
.Fn key_decryptsession .
is a keyserver interface routine.
is used to ask the keyserver for a secure conversation key.
is usually not good enough,
the common ways of choosing random numbers, such as using the
current time, are very easy to guess.
is a keyserver interface routine.
It is used to set the key for
of the calling process.
converts from an operating-system independent netname to a
domain-specific hostname.
if it fails. Inverse of
converts from an operating-system independent netname to a
domain-specific user ID.
converts from a domain-specific username to an operating-system
The following manuals:
.%B Remote Procedure Calls: Protocol Specification
.%B Remote Procedure Call Programming Guide
.%B Rpcgen Programming Guide
.%B RPC: Remote Procedure Call Protocol Specification
.%O RFC1050, Sun Microsystems Inc., USC-ISI