OSF DCE Administration Guide--Core Components
OSF DCE Administration Guide—Core Components
{auth_serv_type name prot_level authentication_service authorization_service}
where:
auth_serv_type Specifies the authentication type, which can be
• none—No authentication is performed.
• dce—Standard DCE authentication is performed.
If you are using no authentication, no other information
except the binding itself is required. If you are using the
standard DCE authentication type, you must specify all the
remaining parameters.
name Specifies the principal name of the trigger server.
prot_level Specifies the protection level that determines the degree to
which authenticated communications between the client
and the server are protected by the authentication service.
The possible protection levels are
• default—Uses the default protection level of pkt.
• none—Performs no authentication: tickets are not
exchanged, session keys are not established, client
EPACs or names are not certified, and transmissions are
in the clear. Note that although uncertified EPACs
should not be trusted, they may be useful for
debugging, tracing, and measurement purposes.
• connect—Authenticates only when the client
establishes a relationship with the server.
• call—Authenticates only at the beginning of each
remote procedure call when the server receives the
request.
This level does not apply to remote procedure calls
made over a connection-based protocol sequence (that
is, ncacn_ip_tcp). If this level is specified and the
binding handle uses a connection-based protocol
sequence, the routine uses the pkt protection level
instead.
• pkt—Ensures that all data received is from the
expected client.
• pktinteg—Ensures and verifies that none of the data
transferred between client and server has been
modified. This is the highest protection level that is
guaranteed to be present in the RPC runtime.
• pktprivacy—Authenticates as specified by all of the
previous levels and also encrypts each RPC argument
value. This is the highest protection level, but it is not
guaranteed to be present in the RPC runtime.
32 − 10 Tandem Computers Incorporated 124243