December 1999
Intermediate to advanced
544 pages
13h 38m
English
How does an RPC service like NFS identify a client? Is the client’s hostname sufficient if multiple users can log into the client computer? RPC authentication addresses this problem. It allows the server to identify the sender of each RPC request, which we will further refer to as a principal. A principal may identify some service on a client computer (such as a superuser or administrator) or a person (e.g., Bob or Alice).
This chapter describes several types of authentication credentials. By far the most commonly used for NFS is the easy-to-use but notoriously insecure AUTH_SYS credential. The secure Diffie-Hellman and Kerberos credentials are much less commonly used because they are more difficult to implement ...