Security and RPC: Using Authenticated Remote Procedure Calls

DCE RPC supports authenticated communications between clients and servers. Authenticated RPC works with the authentication and authorization services provided by the DCE Security Service.

On the application level, a server makes itself available for authenticated communications by registering its principal name and the authentication service that it supports with the RPC runtime. The server principal name is the name used to identify the server as a principal to the registry service provided by the security service. In practice, this name is usually the same as the name that the server uses to register itself with the DCE Directory Service.

A client must establish the authentication service, protection level, and authorization service that it wishes to use in its communications with a server. The client identifies the intended server by means of the principal name that the server has registered with the RPC runtime. Once the required authentication, protection, and authorization parameters have been established for the server binding handle, the client issues remote procedure calls to the server as it normally does.

The security service, in conjunction with the RPC runtime, assumes responsibility for the following:

· Authenticating the client and server in accordance with the requested authentication service

· Applying the requested level of protection to communications between the client and server

· Providing client authorization data to the server in a form determined by the requested authorization service

Note: For a detailed discussion of authentication within the context of DCE security, refer to Authentication in Part 5 of this guide.
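
The server side of the exchange described above, as an added example that is not part of the original guide: because the client selects the authentication service, protection level, and authorization service, a server manager routine can compare what the runtime reports for a call (in DCE RPC, through rpc_binding_inq_auth_client) against its own minimum. The struct, the enum stand-ins for the DCE constants, the principal name, and the sample calls are constructed here so that the code builds without the DCE headers.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins (assumption) modelled on the DCE RPC constants for
 * authentication service, authorization service and protection level. */
enum { AUTHN_NONE = 0, AUTHN_DCE_SECRET = 1 };
enum { AUTHZ_NONE = 0, AUTHZ_NAME = 1, AUTHZ_DCE = 2 };
enum { PROT_NONE = 1, PROT_CONNECT, PROT_CALL, PROT_PKT, PROT_PKT_INTEG, PROT_PKT_PRIVACY };

/* Hypothetical record of the parameters attached to one binding. */
typedef struct {
    const char *server_princ;   /* server principal name the client named */
    unsigned authn_svc, protect_level, authz_svc;
} call_auth_t;

typedef enum { CALL_OK, NO_AUTHN, WRONG_AUTHN, WRONG_PRINCIPAL,
               WEAK_PROTECTION, WRONG_AUTHZ } verdict_t;

/* The client chooses its parameters, so the server compares each one
 * with what it registered and the minimum it is willing to accept. */
verdict_t check_call(const call_auth_t *seen, const call_auth_t *required)
{
    if (seen->authn_svc == AUTHN_NONE) return NO_AUTHN;
    if (seen->authn_svc != required->authn_svc) return WRONG_AUTHN;
    if (!seen->server_princ ||
        strcmp(seen->server_princ, required->server_princ) != 0)
        return WRONG_PRINCIPAL;
    /* Levels are ordered weakest to strongest; required is a floor. */
    if (seen->protect_level < required->protect_level) return WEAK_PROTECTION;
    if (seen->authz_svc != required->authz_svc) return WRONG_AUTHZ;
    return CALL_OK;
}

/* Constructed sample data: principal names, policy and calls are invented. */
#define SERVER_PRINC "/.:/example/inventory_server"
static const call_auth_t POLICY = { SERVER_PRINC, AUTHN_DCE_SECRET, PROT_PKT_INTEG, AUTHZ_DCE };
static const call_auth_t SAMPLE_CALLS[] = {
    { SERVER_PRINC, AUTHN_DCE_SECRET, PROT_PKT_PRIVACY, AUTHZ_DCE },
    { SERVER_PRINC, AUTHN_DCE_SECRET, PROT_CONNECT, AUTHZ_DCE },
    { NULL, AUTHN_NONE, PROT_NONE, AUTHZ_NONE },
    { SERVER_PRINC, AUTHN_DCE_SECRET, PROT_PKT_INTEG, AUTHZ_NAME },
    { "/.:/example/other_server", AUTHN_DCE_SECRET, PROT_PKT_PRIVACY, AUTHZ_DCE },
};

int main(void)
{
    for (size_t i = 0; i < sizeof SAMPLE_CALLS / sizeof SAMPLE_CALLS[0]; i++)
        printf("call %zu -> verdict %d\n", i, (int)check_call(&SAMPLE_CALLS[i], &POLICY));
    return 0;
}
```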

More:

Authentication

Authorization

Authenticated RPC Routines

Using RPC Within a Single Thread