HP UX B6941-90001 User Manual

Chapter 10

Tuning, Troubleshooting, Security, and Maintenance

ITO Security

3. The RPC client sends the RPC request

4. The RPC server (opcmsgr) checks the ticket with the password in the key file

Figure 10-1 The DCE RPC Client-Server Authentication Process

Process Names and Passwords

In ITO, both the management server and the managed nodes run RPC
clients and servers at the same time. Perhaps paradoxically, this allows
ITO to simplify a given process’ requirements for configuration
information prior to an RPC call, namely:

❏ name and own password

❏ security level

However, this configuration information must be present on both the
management server and the managed node.

In the context of DCE, ITO associates just two names (or principals)
with the two types of node in its environment, namely: one each for the
management server and the managed node. All management server
processes then run under the name associated with the management
server, and all processes relating to the managed node in question run
under the identity of the name associated with the managed node. For

[Figure 10-1 diagram labels: Managed Node; Management Server; opcctlm, opcctla, opcmsga, opcmsgr; DCE security server; ITO RPC; Login; Key file; Read password for login; Check incoming requests; steps 1 to 4]
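A simplified model of the ticket check in steps 3 and 4 and of the two-principal scheme described above, added here as an example; it is not code from the manual or from ITO. The principal names, passwords and HMAC-sealed ticket are constructed stand-ins for the DCE security service, the login step is inferred from the figure labels, and opcmsga and opcctla are assumed to be managed-node processes.

```python
import hashlib
import hmac
import json

# Constructed sample key files: one principal per node type, as the page describes.
SERVER_KEYFILE = {"principal": "ito-mgmt-server", "password": b"mgmt-secret"}
NODE_KEYFILE = {"principal": "ito-managed-node", "password": b"node-secret"}
REGISTRY = {k["principal"]: k["password"] for k in (SERVER_KEYFILE, NODE_KEYFILE)}


def _seal(password, body):
    # HMAC-SHA256 stands in for the ticket protection of the real DCE security service.
    return hmac.new(password, body, hashlib.sha256).hexdigest()


def login(registry, keyfile, target):
    """Read the password from the key file and log in (modelled security server)."""
    known = registry.get(keyfile["principal"])
    if known is None or not hmac.compare_digest(known, keyfile["password"]):
        raise PermissionError("login failed for " + keyfile["principal"])
    if target not in registry:
        raise PermissionError("unknown target " + target)
    # The ticket names the principal only; it is sealed with the target's password.
    body = json.dumps({"client": keyfile["principal"], "target": target}).encode()
    return {"body": body, "seal": _seal(registry[target], body)}


def rpc_request(registry, keyfile, target, process, message):
    """Step 3: the RPC client sends the request together with its ticket."""
    return {"ticket": login(registry, keyfile, target), "process": process, "message": message}


def rpc_server_check(keyfile, request):
    """Step 4: the RPC server checks the ticket with the password in its key file."""
    ticket = request["ticket"]
    if not hmac.compare_digest(_seal(keyfile["password"], ticket["body"]), ticket["seal"]):
        return None  # wrong or stale key-file password, or a tampered ticket
    claims = json.loads(ticket["body"])
    return claims["client"] if claims["target"] == keyfile["principal"] else None


if __name__ == "__main__":
    for proc in ("opcmsga", "opcctla"):  # both assumed to run on the managed node
        req = rpc_request(REGISTRY, NODE_KEYFILE, "ito-mgmt-server", proc, "event")
        # The server authenticates the node's principal, not the sending process.
        print(proc, "->", rpc_server_check(SERVER_KEYFILE, req))
    stale = dict(SERVER_KEYFILE, password=b"old-secret")
    print("stale key file ->", rpc_server_check(stale, req))
```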