Every time an NIS+ principal requests access to an NIS+ object, the NIS+ software performs a multistage process to authenticate that principal:
NIS+ checks the cred table of the object's domain. If:
The principal has LOCAL credential information, NIS+ uses the domain information contained in the LOCAL credential to find the principal's home domain cred table where it obtains the information it needs.
The principal has no credential information, the rest of the process is aborted and the principal is given the authorization access class of nobody.
NIS+ gets the user's DES credential from the cred table of the user's home domain. The encrypted private key is decrypted with the user's password and saved by the keyserver.
The common key is then used to generate an encrypted DES key. To do this, Secure RPC generates a random number which is then encrypted using the common key. For this reason, the DES key is sometimes referred to as the random key or the random DES key.
NIS+ then creates a 15-second window, which is encrypted with the DES key. This window is the maximum amount of time that is permitted between the time stamp and the server's internal clock.
NIS+ then passes the following information to the server where the NIS+ object is stored:
The access request (whatever it might be)
The principal's DES credential
Window verifier (encrypted), which is the encrypted window plus one
The object's server receives this information.
The object's server uses the Secure RPC netname portion of the credential to look up the principal's public key in the cred table of the principal's home domain.
The server then uses the principal's public key and the server's private key to regenerate the common key. This common key must match the common key that was generated by the principal's private key and the server's public key.
The common key is used to decrypt the DES key that arrived as part of the principal's credential.
The server decrypts the principal's time stamp with the newly decrypted DES key and verifies it with the window verifier.
If the time difference at the server exceeds the window limit, the request is denied and the process aborts with an error message. For example, suppose the time stamp is 9:00am and the window is one minute. If the request is received and decrypted by the server after 9:01am, it is denied.
If the time stamp is within the window limit, the server checks to see if the time stamp is greater than the one previously received from the principal. This ensures that NIS+ requests are handled in the correct order.
Requests received out of order are rejected with an error message. For example, if the time stamp is 9:00am and the most recently received request from this principal had a time stamp of 9:02am, the request would be rejected.
Requests that have a time stamp equal to the previous one are rejected with an error message. This ensures that a replayed request is not acted on twice. For example, if the time stamp is 9:00am and the most recently received request from this principal also had a time stamp of 9:00am, this request would be rejected.
If the time stamp is within the window limit, and greater than the previous request from that principal, the server accepts the request.
The server then complies with the request and stores the time stamp from this principal as the most recently received and acted on request.
To confirm to the principal that the information received from the server in answer to the request comes from a trusted server, the server encrypts the time stamp with the principal's DES key and sends it back to the principal along with the data.
At the principal's end, the returned time stamp is decrypted with the principal's DES key.
If the decryption succeeds, the information from the server is returned to the requester.
If the decryption fails for some reason, an error message is displayed.