Administering Remote Procedure Calls (RPC)

Secure RPC overview

Secure RPC is a security protocol, based on DES encryption, built into the RPC software. Remote programs that use Secure RPC expect client users to have a public/secret key entry in a shared master /etc/publickey file. Access to Secure RPC programs is controlled by the keyserv daemon, which accesses the /etc/publickey file when users invoke keylogin. One /etc/publickey database exists for each Secure RPC domain.

Secure RPC users must be given entries in /etc/publickey by the RPC administrator before they can use Secure RPC programs.

In addition, the administrator of every client machine should edit /etc/profile to remove the comment character that has commented out the keylogin command; in this way, keylogin will be invoked for each user at login time. Thereafter Secure RPC commands and programs can be used in the same way ordinary commands and programs are used.

NOTE: Every machine that allows use of Secure RPC is a client machine.

One of the Secure RPC commands, chkey, allows users to change their Secure RPC passwords.

The .profile files of Secure RPC users should be set up to call keylogout(1bnu) automatically at the end of a terminal session. For example:

   # .profile code fragment
   trap "keylogout" 0

CAUTION: A Secure RPC user should always execute keylogout before logging off the system. Failure to do so is a serious security infraction.

(See sh(1) for details on use of trap for executing commands at the end of a terminal session.)
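
The two profile settings described above can be checked with a short script. The following is an added example, not part of the original documentation; the function names, the constructed sample files, and the `# keylogin` form of the commented-out line are assumptions.

```sh
#!/bin/sh
# Added example (not vendor code): audit the two profile settings described above.
# Function names and sample files are constructed for illustration.

# Print FILE with whole-line and trailing '#' comments removed (heuristic:
# a '#' preceded by whitespace is treated as starting a comment).
active_lines() {
    sed -e 's/^[[:space:]]*#.*//' -e 's/[[:space:]]#.*//' "$1" 2>/dev/null
}

# Succeed if FILE invokes keylogin on an uncommented line.
keylogin_enabled() {
    active_lines "$1" | grep -Eq '(^|[^[:alnum:]_])keylogin([^[:alnum:]_]|$)'
}

# Succeed if FILE sets a trap that runs keylogout when the shell exits
# (condition 0; EXIT is the same condition in later shells).
keylogout_trapped() {
    active_lines "$1" |
        grep -Eq '^[[:space:]]*trap[[:space:]].*keylogout.*[[:space:]](0|EXIT)([[:space:]]|;|$)'
}

# Audit one system profile and any number of user .profile files.
# Prints one finding per problem; returns the number of findings.
audit_secure_rpc() {
    findings=0
    keylogin_enabled "$1" ||
        { echo "FINDING: keylogin not active in $1"; findings=$((findings + 1)); }
    shift
    for f in "$@"; do
        keylogout_trapped "$f" ||
            { echo "FINDING: no keylogout exit trap in $f"; findings=$((findings + 1)); }
    done
    return "$findings"
}

# Constructed sample files standing in for /etc/profile and two users' .profile.
# Assumption: the disabled keylogin line looks like '# keylogin'.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' 0
printf '%s\n' 'PATH=/usr/bin' '# keylogin' > "$demo/profile.shipped"
printf '%s\n' 'PATH=/usr/bin' 'keylogin' > "$demo/profile.fixed"
printf '%s\n' '# .profile code fragment' 'trap "keylogout" 0' > "$demo/alice.profile"
printf '%s\n' 'trap "echo bye" 0' '# trap "keylogout" 0' > "$demo/bob.profile"

audit_secure_rpc "$demo/profile.shipped" "$demo/alice.profile" "$demo/bob.profile" || true
```

On a real system, pass /etc/profile and the users' .profile paths to audit_secure_rpc in place of the sample files.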

NOTE: The presence of Secure RPC has no effect on remote programs that do not use the secure protocol. Such programs work normally, whether or not the user is also a Secure RPC user.

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004