
Managing Authentication in Oracle® Solaris 11.4


Updated: November 2020

About Secure RPC

Secure RPC (Remote Procedure Call) protects remote procedures with an authentication mechanism. The Diffie-Hellman authentication mechanism authenticates both the host and the user who is making a request for a service. The authentication mechanism uses Data Encryption Standard (DES) encryption. Applications that use Secure RPC include NFS and the NIS naming service.

Kerberos Authentication

Kerberos is an authentication system that was developed at MIT. A client-side and server-side implementation of Kerberos V5, which uses RPCSEC_GSS, is included with this release. For more information, see How to Configure Kerberos NFS Servers in Managing Kerberos in Oracle Solaris 11.4.

Diffie-Hellman Authentication and Secure RPC

The Diffie-Hellman (DH) method of authenticating a user is nontrivial for an intruder to crack. The client and the server each have their own private key, which they combine with the other party's public key to devise a common key. The private key is also known as the secret key. The client and the server use the common key to communicate with each other. The common key is encrypted with an agreed-upon encryption function, such as DES.

Authentication is based on the ability of the sending system to use the common key to encrypt the current time. Then, the receiving system can decrypt and check against its current time. The time on the client and the server must be synchronized. The Network Time Protocol (NTP) can be used to synchronize clocks. NTP public domain software from the University of Delaware is included in the Oracle Solaris software. Documentation is available from the NTP Documentation web site.
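The key agreement and timestamp check described above, as an added illustration that is not Oracle's Secure RPC code: it uses a constructed 64-bit toy prime (real Secure RPC uses a far larger modulus) and a hash-derived XOR keystream as a stand-in for DES, which is not in the Python standard library, so only the structure of the exchange is faithful.

```python
import hashlib
import os
import struct

# Constructed toy parameters: a 64-bit prime, far too small for real use
# (Secure RPC uses a 192-bit modulus); shown only to make the math visible.
P = 0xFFFFFFFFFFFFFFC5
G = 2
MAX_CLOCK_SKEW = 30  # seconds of client/server clock drift the receiver tolerates

def keypair(private=None):
    """Return (private, public); the private key is the 'secret key'."""
    if private is None:
        private = int.from_bytes(os.urandom(8), "big") % P
    return private, pow(G, private, P)

def common_key(my_private, their_public):
    """Each side combines its own private key with the peer's public key;
    both arrive at the same common key."""
    return pow(their_public, my_private, P)

def _keystream(key, n):
    # Stand-in for DES (assumption; DES is not in the standard library):
    # a keystream derived from the common key, XORed with the plaintext.
    return hashlib.sha256(key.to_bytes(32, "big")).digest()[:n]

def encrypt_timestamp(key, now):
    """Sender encrypts its current time (epoch seconds) under the common key."""
    plain = struct.pack(">Q", now)
    return bytes(a ^ b for a, b in zip(plain, _keystream(key, len(plain))))

def verify_timestamp(key, token, receiver_now, window=MAX_CLOCK_SKEW):
    """Receiver decrypts the token and accepts it only if the recovered time
    lies within the allowed skew of its own clock."""
    plain = bytes(a ^ b for a, b in zip(token, _keystream(key, len(token))))
    return abs(struct.unpack(">Q", plain)[0] - receiver_now) <= window

def demo():
    """Client and server agree on a key, then the server checks a timestamp."""
    c_priv, c_pub = keypair(123456789)
    s_priv, s_pub = keypair(987654321)
    assert common_key(c_priv, s_pub) == common_key(s_priv, c_pub)
    token = encrypt_timestamp(common_key(c_priv, s_pub), 1_700_000_000)
    k_srv = common_key(s_priv, c_pub)
    return (
        verify_timestamp(k_srv, token, 1_700_000_010),  # clocks in sync: accept
        verify_timestamp(k_srv, token, 1_700_000_500),  # clocks drifted: reject
        verify_timestamp(common_key(s_priv, keypair(5)[1]), token, 1_700_000_010),  # wrong key: reject
    )
```

The second case is why the text insists on synchronized clocks: an honest client whose clock has drifted past the window is rejected exactly like an intruder without the common key.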

The public keys and private keys are stored in an NIS database. NIS stores the keys in the publickey map. This file contains the public key and the private key for all potential users.

The system administrator is responsible for setting up NIS maps and for generating a public key and a private key for each user. The private key is stored in encrypted form with the user's password. This process makes the private key known only to the user.