The AUTH_SHORT Verifier

When using AUTH_SYS authentication, the flavor of the response verifier received in the reply message from the server may be AUTH_NONE or AUTH_SHORT.

If AUTH_SHORT, the bytes of the response verifier's string encode a short_hand_verf structure. This opaque structure may now be passed to the server instead of the original AUTH_SYS credentials.

The server keeps a cache that maps shorthand opaque structures (passed back by way of an AUTH_SHORT style response verifier) to the original credentials of the caller. The caller can save network bandwidth and server cpu cycles by using the new credentials.

The server may flush the shorthand opaque structure at any time. If this happens, the remote procedure call message will be rejected owing to an authentication error. The reason for the failure will be AUTH_REJECTEDCRED. At this point, the caller may wish to try the original AUTH_SYS style of credentials. See Figure B-1.

Figure B-1 Authentication Process Map