Network Working Group A. Chiu
Request for Comments: 2695 Sun Microsystems
Category: Informational September 1999
Authentication Mechanisms for ONC RPC
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
ABSTRACT
This document describes two authentication mechanisms created by Sun
Microsystems that are commonly used in conjunction with the ONC
Remote Procedure Call (ONC RPC Version 2) protocol.
WARNING
The DH authentication defined in Section 2 of this document refers
to the authentication mechanism with flavor AUTH_DH currently
implemented in ONC RPC. It uses the underlying Diffie-Hellman
algorithm for key exchange. The DH authentication defined in this
document is flawed because a small prime was selected for the BASE
field (Section 2.5). To avoid the flaw, a new DH authentication
mechanism could be defined with a larger prime; however, the new DH
authentication would not be interoperable with the existing DH
authentication.
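The warning above only states that the AUTH_DH modulus is too small. As an added illustration (not code from RFC 2695, and using a constructed 16-bit toy prime rather than the RFC's actual BASE/MODULUS values, which this page does not reproduce), the following shows why that matters: with a small modulus, a passive observer of the two exchanged public values can recover a private exponent by exhaustive search and therefore the shared key. `modulus_is_acceptable` is an assumed name for a defender-side parameter check, not part of ONC RPC.

```python
# Added example, not from RFC 2695: why a small Diffie-Hellman modulus is fatal.
# TOY_P / TOY_G are constructed toy parameters chosen so the exhaustive search
# below finishes instantly; they are NOT the AUTH_DH BASE/MODULUS values.
TOY_P = 65537   # 2^16 + 1, a prime; constructed 16-bit toy modulus
TOY_G = 3       # constructed toy generator (a primitive root mod 65537)


def dh_public(p: int, g: int, priv: int) -> int:
    """Public value g^priv mod p that each side sends to its peer."""
    return pow(g, priv, p)


def dh_shared(p: int, peer_pub: int, priv: int) -> int:
    """Shared secret peer_pub^priv mod p, computed independently by each side."""
    return pow(peer_pub, priv, p)


def brute_force_dlog(p: int, g: int, pub: int) -> int:
    """Recover x from g^x mod p == pub by exhaustive search.

    The loop costs O(p) modular multiplications, so it only succeeds because
    p is small. This is the cheapest possible attack, and a modulus that does
    not resist it offers no secrecy for the negotiated key.
    """
    acc = 1
    for x in range(p - 1):
        if acc == pub:
            return x
        acc = (acc * g) % p
    raise ValueError("no discrete log found: pub not generated by g")


def passive_observer_recovers_key(p: int, g: int, pub_a: int, pub_b: int) -> int:
    """Given only the two public values seen on the wire, reconstruct the
    shared secret by solving one discrete log and finishing A's computation."""
    priv_a = brute_force_dlog(p, g, pub_a)
    return dh_shared(p, pub_b, priv_a)


def modulus_is_acceptable(p: int, min_bits: int = 2048) -> bool:
    """Defender-side sanity check (assumed policy): refuse DH parameters whose
    modulus is shorter than min_bits before using them for key agreement."""
    return p.bit_length() >= min_bits


if __name__ == "__main__":
    a, b = 12345, 54321                      # constructed private exponents
    pub_a, pub_b = dh_public(TOY_P, TOY_G, a), dh_public(TOY_P, TOY_G, b)
    key = dh_shared(TOY_P, pub_b, a)
    assert key == dh_shared(TOY_P, pub_a, b)
    print("shared key:", key)
    print("observer recovers:", passive_observer_recovers_key(TOY_P, TOY_G, pub_a, pub_b))
    print("modulus acceptable:", modulus_is_acceptable(TOY_P))
```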
As illustrated in [10], a large number of attacks are possible on ONC
RPC system services that use non-secure authentication mechanisms.
Other secure authentication mechanisms need to be developed for ONC
RPC. RFC 2203 describes the RPCSEC_GSS ONC RPC security flavor, a
secure authentication mechanism that enables RPC protocols to use the
Generic Security Service Application Program Interface (RFC 2078) to
provide security services (integrity and privacy) that are
independent of the underlying security mechanisms.
Chiu Informational