diff options
Diffstat (limited to 'lib/librpc/secure_rpc/README')
-rw-r--r-- | lib/librpc/secure_rpc/README | 92 |
1 files changed, 0 insertions, 92 deletions
diff --git a/lib/librpc/secure_rpc/README b/lib/librpc/secure_rpc/README deleted file mode 100644 index b8a860e..0000000 --- a/lib/librpc/secure_rpc/README +++ /dev/null @@ -1,92 +0,0 @@ -Export restriction prohibit us from including DES encryption routines in RPCSRC -4.0. The main RPCSRC 4.0 hierarchy does not include DES Authentication, -however this directory contains the documentation and code used to build secure -rpc. THIS DISTRIBUTION OF SECURE RPC NEEDS EXTENSIVE WORK BEFORE IT CAN BE -USED. PLEASE READ THE PORTING GUIDLINES BELOW. - -HIERARCHY - -bin/ - - This directory contains chkey and keylogin. These are user programs - used to establish the credentials of an RPC user. - -demo/ - The 'whoami' service is found here. It can be used to test secure RPC. - rpcgen is used to build the client and server. - -des/ - - des_crypt.h defines the interfaces to cbc_crypt() and ecb_crypt(), - the DES routines used by DES Authentication. - des.h defines the desparams structure that is used internally by - these routines. Secure RPC expects it to be installed in - /usr/include/sys. - des_crypt.c defines the cbc_crypt() and ecb_crypt() routines. These - eventually call the routine _des_crypt(), which is *not* provided. - des_soft.c contains the des_setparity() routine. - -doc/ - - The document "nfs.secure.ms" is found here. It describes Secure - RPC and Secure NFS. - -keyserv/ - - This is an RPC based program that stores the private keys for - users that are using secure RPC. - -man/ - - Manual pages for the programs and library routines are found here. - -rpc/ - - The routines in this directory should be integrated with the - default rpc directory to make a single RPC library. The Makefile - found in this directory replaces the one in ../rpc. Note: the file - svc_auth.c in this directory replaces the one in ../rpc. Also, the - file ../rpc/rpc.h should be edited to include the file <rpc/des_auth.h> - (it presently is commented out). - -PORTING GUIDELINES - -You will need to provide a DES encryption routine. man/des_crypt.3 describes -the interface to ecb_crypt() and cbc_crypt() (secure RPC uses both modes). The -des/ directory has the "front-end" for these routines in the des_crypt.c file. - -Since public key authentication systems require a network global data lookup -facility, this implementation uses Sun's Yellow Pages. If your site does not -have Yellow Pages, you will have to modify the routines in rpc/publickey.c and -bin/chkey.c. One possible approach is to replace the YP calls with code to -read the file /etc/publickey; this file would presumably be shared by all -secure RPC sites via NFS or some equivalent file sharing facility. If you wish -to implement YP yourself, the RPCL (.x) protocol description file can be found -in ../rpcsvc/yp.x. - -The routines in rpc/ and keyserv/ assume that the file des/des_crypt.h -is installed in /usr/include (they include <des_crypt.h>). The file -des/des_crypt.c assumes that des.h is installed in /usr/include/sys (it -include <sys/des.h>). The des/ directory does not have a Makefile that -would install these header files, so you will either have to do this -by hand, or modify the routines to include the header files in a way suitable -for your site. - -While the programs in bin/ and keyserv/ can be built in place (assuming -the header files they include and the RPC library are available), the files -in rpc/ must be moved into ../rpc/, the main RPC library. The Makefile and -svc_auth.c found in rpc/ will replace those found in ../rpc/. You must also -edit ../rpc/rpc.h to include <rpc/des_auth.h>. - -OPERATION - -Please read the documentation and manual pages for information on how to -administer secure RPC. - -In the demo/ directory you'll find the 'whoami' service. This service uses DES -Authentication, and can be used to check out secure RPC. The client program, -'rme' takes a host as an argument. This host must be running the keyserv -daemon and the 'whoami_svc' server. The service returns the identity of the -client-user as known to the system on which the server is running. This -information is only returned, however, if the client request has proper DES -credentials. |