RPC Authentication Protocol

Edit online

The RPC protocol provisions for authentication of the caller to the server, and vice versa, are provided as part of the RPC protocol.

Every remote procedure call is authenticated by the RPC package on the server. Similarly, the RPC client package generates and sends authentication parameters. The call message has two authentication fields: credentials and verifier. The reply message has one authentication field: response verifier.

The following RPC protocol specification defines as an opaque data type the credentials of the call message and the verifiers of both the call and reply messages:


enum auth_flavor {
     AUTH_NULL    = 0,
     AUTH_UNIX    = 1,
     AUTH_SHORT   = 2,
     AUTH_DES     = 3
     /* and more to be defined */
};
struct opaque_auth {
     auth_flavor flavor;
     opaque body<400>;
};

Any opaque_auth structure is an auth_flavor enumeration followed by bytes that are opaque to the RPC protocol implementation. The interpretation and semantics of the data contained within the authentication fields are specified by individual, independent authentication protocol specifications.

If authentication parameters are rejected, response messages state the reasons. A server can support multiple types of authentication at one time.