Specifying the Authentication Type
The auth_info parameter has the following syntax:
{auth_serv_type name prot_level authentication_service authorization_service}
where:
auth_serv_type Specifies the authentication type, which can be
· none - No authentication is performed.
· dce - Standard DCE authentication is performed.
If you are using no authentication, no other information except the binding itself is required. If you are using the standard DCE authentication type, you must specify all the remaining parameters.
name Specifies the principal name of the trigger server.
prot_level Specifies the protection level that determines the degree to which authenticated communications between the client and the server are protected by the authentication
service. The possible protection levels are
· default - Uses the default protection level of pkt.
· none - Performs no authentication: tickets are not exchanged, session keys are not established, client EPACs or names are not certified, and transmissions are in
the clear. Note that although uncertified EPACs should not be trusted, they may be useful for debugging, tracing, and measurement purposes.
· connect - Authenticates only when the client establishes a relationship with the server.
· call - Authenticates only at the beginning of each remote procedure call when the server receives the request.
This level does not apply to remote procedure calls made over a connection-based protocol sequence (that is, ncacn_ip_tcp). If this level is specified and the binding handle uses a
connection-based protocol sequence, the routine uses the pkt protection level instead.
· pkt - Ensures that all data received is from the expected client.
· pktinteg - Ensures and verifies that none of the data transferred between client and server has been modified. This is the highest protection level that is
guaranteed to be present in the RPC runtime.
· pktprivacy - Authenticates as specified by all of the previous levels and also encrypts each RPC argument value. This is the highest protection level, but it is
not guaranteed to be present in the RPC runtime.
authentication_service Specifies the authentication service. The exact level of protection provided by the authentication service is specified by the protection level. The
supported authentication services are as follows:
· default - DCE shared-secret key.
· none - No authentication: no tickets are exchanged, no session keys established, client EPACs or names are not transmitted, and transmissions are in the clear.
Specify none to turn authentication off for remote procedure calls made using this binding.
· secret - DCE shared-secret key authentication.
authorization_service Specifies the authorization service. The validity and trustworthiness of authorization data, like any application data, is dependent on the authentication
service and protection level specified. The supported authorization services are as follows:
· none - Server performs no authorization. This is valid only if the authorization service is set to none, specifying that no authentication is being
performed.
· name - Server performs authorization based on the client principal name. This value cannot be used if the authorization service is none.
· dce - Server performs authorization by using the client's DCE EPAC sent to the server with each remote procedure call made with this binding. Generally, access is
checked against DCE ACLs.
|