HP DCE/9000 Application Development Tools for HP-UX 11i Release Note

HP DCE/9000 Version 1.8 Application Development Tools for HP-UX 11i Release Note
Developing DCE Applications with HP DCE/9000
timestamp should be between 0 and 5000 ms (milliseconds). Typically, 2000 ms is used in most
cases.
RPC_RESTRICTED_PORTS Environment Variable
The capability to restrict the assignment of endpoints to those in a user-specified set was
added to RPC in OSF DCE 1.0.3. This allows DCE applications to operate in environments in
which inter-network traffic is restricted to specified endpoints. The facility is activated by
setting the RPC_RESTRICTED_PORTS environment variable, before starting an RPC application,
to the list of endpoints to which dynamic assignment should be restricted.
RPC_RESTRICTED_PORTS governs only the dynamic assignment of server and client ports
by the RPC runtime. It does not affect well-known endpoints.
The facility is turned on by setting the RPC_RESTRICTED_PORTS environment variable
before starting an RPC application. The syntax of the variable is as follows:
    <entry> [COLON <entry>]*
    <entry>  : <protseq_name> LEFT-BRACKET <ranges> RIGHT-BRACKET
    <ranges> : <range> [COMMA <range>]*
    <range>  : <endpoint-low> HYPHEN <endpoint-high>
For example:
ncacn_ip_tcp[5000-5110,5500-5521]:ncadg_ip_udp[6500-7000]
To use RPC_RESTRICTED_PORTS for DCE itself, set the environment variable before
starting your cell. The environment variable must be set whenever you restart DCE.
Note that this facility does not add any security to RPC and is not intended as a security
feature. It merely facilitates configuring a network firewall to allow incoming calls to DCE
servers.
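A value for RPC_RESTRICTED_PORTS can be checked against the syntax above before the cell is started, and the resulting port ranges passed on for the firewall configuration. The following Python code is an added example, not part of the HP or OSF software; the function names, the character set accepted for protocol sequence names, the rejection of a protocol sequence listed twice, the 1-65535 bound and the merging of overlapping ranges are assumptions of this example.

```python
import re

# <entry> : <protseq_name> LEFT-BRACKET <ranges> RIGHT-BRACKET
# Assumption: protseq names use only letters, digits and underscores.
ENTRY_RE = re.compile(r"([A-Za-z0-9_]+)\[([^\[\]]*)\]")
# <range> : <endpoint-low> HYPHEN <endpoint-high>
RANGE_RE = re.compile(r"([0-9]+)-([0-9]+)")

def merge(ranges):
    """Sort ranges and merge overlapping or adjacent ones (example's choice)."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(high, merged[-1][1]))
        else:
            merged.append((low, high))
    return merged

def parse_restricted_ports(value):
    """Return {protseq: [(low, high), ...]}; raise ValueError on bad input."""
    result = {}
    for entry in value.split(":"):          # entries are COLON-separated
        m = ENTRY_RE.fullmatch(entry)
        if not m:
            raise ValueError(f"bad entry {entry!r}: expected protseq[low-high,...]")
        protseq, body = m.groups()
        if protseq in result:               # stricter than the grammar (assumption)
            raise ValueError(f"protocol sequence {protseq!r} listed twice")
        ranges = []
        for text in body.split(","):        # ranges are COMMA-separated
            r = RANGE_RE.fullmatch(text)
            if not r:
                raise ValueError(f"bad range {text!r} in {protseq}")
            low, high = int(r.group(1)), int(r.group(2))
            if not 1 <= low <= high <= 65535:
                raise ValueError(f"range {text!r} in {protseq} reversed or out of bounds")
            ranges.append((low, high))
        result[protseq] = merge(ranges)
    return result

def port_count(parsed):
    """Number of distinct ports to open per protocol sequence."""
    return {p: sum(h - l + 1 for l, h in rs) for p, rs in parsed.items()}

if __name__ == "__main__":
    # The example value given on this page.
    sample = "ncacn_ip_tcp[5000-5110,5500-5521]:ncadg_ip_udp[6500-7000]"
    parsed = parse_restricted_ports(sample)
    print(parsed, port_count(parsed))
```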
RPC Authentication
The OSF DCE Application Development Guide and the OSF DCE Application Development
Reference may be misleading about what happens when an unauthenticated client calls a
server that has specified authentication. In such a case, the RPC runtime will not perform any
authentication, and the call will either reach the server manager code, or be rejected by the
runtime, depending on the following conditions:
If the client specified no authentication, then none is attempted by the RPC runtime. The
call reaches the manager code whether the server specified authentication or not. This
permits both authenticated and unauthenticated clients to call authenticated servers.
When the manager receives an unauthenticated call, it must make a decision about how to
proceed.