ONC+ RPC Developer's Guide

Updated: July 2014
 
 

Authentication Using RPCSEC_GSS

A determined snoop can overcome the authentication flavors mentioned previously: AUTH_SYS, AUTH_DES, and AUTH_KERB. For this reason, a new networking layer that RPC programmers can use, the Generic Security Standard API (GSS-API), was added. The GSS-API framework offers two extra services beyond authentication: integrity and privacy.

  • Integrity. With the integrity service, the GSS-API uses the underlying mechanism to authenticate messages exchanged between programs. Cryptographic checksums establish:

    • The identity of the data originator to the recipient

    • The identity of the recipient to the originator if mutual authentication is requested

    • The authenticity of the transmitted data itself

  • Privacy. The privacy service includes the integrity service. In addition, the transmitted data is also encrypted to protect it from any eavesdroppers.

    Because of U.S. export restrictions, the privacy service might not be available to all users.
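
The following added example (not code from this guide or from Oracle) shows what the integrity service protects on the wire, using the `rpc_gss_integ_data` layout from RFC 2203: the sequence number and the XDR-encoded arguments are sent in the clear, followed by a checksum over both. HMAC-SHA256 stands in here for the mechanism's `GSS_GetMIC()` call, and the key, argument, and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def xdr_opaque(data: bytes) -> bytes:
    """XDR variable-length opaque: 4-byte big-endian length, data, zero pad to 4."""
    return struct.pack(">I", len(data)) + data + b"\x00" * (-len(data) % 4)

def read_opaque(buf: bytes, off: int):
    """Decode one XDR opaque at off; return (data, offset of the next item)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated opaque")
    return buf[off + 4:end], end + (-n % 4)

def get_mic(key: bytes, msg: bytes) -> bytes:
    # Assumption: stand-in for GSS_GetMIC(); a real mechanism uses the context's key.
    return hmac.new(key, msg, hashlib.sha256).digest()

def integ_protect(key: bytes, seq_num: int, args: bytes) -> bytes:
    """Build rpc_gss_integ_data: databody_integ<> followed by checksum<>."""
    body = struct.pack(">I", seq_num) + args  # rpc_gss_data_t: seq_num, then args
    return xdr_opaque(body) + xdr_opaque(get_mic(key, body))

def integ_verify(key: bytes, blob: bytes, expected_seq: int) -> bytes:
    """Check the checksum, then the sequence number; return args or raise ValueError."""
    body, off = read_opaque(blob, 0)
    mic, _ = read_opaque(blob, off)
    if not hmac.compare_digest(mic, get_mic(key, body)):
        raise ValueError("checksum mismatch: body was modified or key is wrong")
    if len(body) < 4:
        raise ValueError("body too short")
    (seq,) = struct.unpack_from(">I", body)
    if seq != expected_seq:  # must match the sequence number sent in the credential
        raise ValueError("sequence number mismatch")
    return body[4:]

KEY = b"constructed-session-key"    # constructed sample key
ARGS = xdr_opaque(b"/export/home")  # constructed, already XDR-encoded argument

if __name__ == "__main__":
    wire = integ_protect(KEY, 7, ARGS)
    print(integ_verify(KEY, wire, 7) == ARGS)
```

With the privacy service, the same sequence number and arguments are instead passed through the mechanism's wrap operation, so the body is encrypted as well as checksummed.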


Note - Currently, the GSS-API is exposed, and certain GSS-API features are visible through RPCSEC_GSS functions. See the Developer's Guide to Oracle Solaris 11 Security.