1) Secure RPC is an additional authentication flavor for ONC RPC that uses
a public-key system to ensure that nobody is passing forged credentials
over the wire.
The RPC protocol allows arbitrary authentication "flavors". Normally,
the flavor "NULL" is used, or "UNIX", which carries around a UID and GID
list, must be used from a reserved port to be trusted. The idea was
that secure RPC would use DES encryption, based on keys obtained through
a public-key distribution scheme.
Unfortunately, I don't know anyone who has successfully set up secure
RPC (the primary application is, of course, secure NFS). There are also
some ad-hoc changes done by Athena to use Kerberos authentication to
NFS.
It differs from non-secure RPC in that it uses a different
authentication flavor. ONC RPC supports multiple flavors of
credentials:
AUTH_NONE - No credentials; the server has no idea who the user
was who made the request, so there better not be any risks of
an unauthorized user making the request.
AUTH_UNIX - UNIX user ID, group ID, and group list passed over
the wire; if you work hard enough, and it's not *that* difficult,
you can send somebody else's user ID over the wire--NFS servers
often map user ID 0 to the user ID for "nobody", and may do
other mappings, but few other servers do that kind of mapping.
AUTH_DES - "network name" passed over the wire, which is
converted to the appropriate native machine credentials (for
UNIX, a user ID, group ID, and group set) on the server. The
credentials are encrypted using a public-key system, which makes
it more difficult to forge credentials, but, allegedly, the
public-key cryptosystem in question *is* breakable if you burn
enough cycles.
"Secure RPC" in SunOS/ONC terms is RPC using AUTH_DES authentication.
Other flavors of authentication can be added by developers.
There is a very good writeup on Secure RPC in the "Security Features
Guide" (part number: 800-1735-10), May 1988 for SunOS 4.0.x, section 6.3
"RPC Authentication." This information was moved to "Network and
Communications Administration" (part number 800-3805-10), March 1990 in
the SunOS 4.1 DocBox set, section 14.9 "RPC Authentication".
2) The auto-mount feature of NFS provides a mechanism to mount
automatically NFS exported filesystems on the fly. This allows dynamic
mounting of NFS partitions without having to explicitly mount the
partitions from within the "/etc/fstab" file or by using the mount(1)
command.
A/UX 2.0 does NOT have the NFS automount feature. However, A/UX 3.0 DOES
have this feature.
3) There are no plans to support Token Ring under A/UX. Therefore, there
are no plans to support TCP/IP running over Token Ring.
Article Change History:
1 Sept 1994 - Reviewed.
Support Information Services