Compartir a través de


2.2.1.1.8 Authentication Levels

The RPC protocol extensions specify the following values for the authentication levels.

Name

Value

Meaning

RPC_C_AUTHN_LEVEL_DEFAULT

0x00

Same as RPC_C_AUTHN_LEVEL_CONNECT

RPC_C_AUTHN_LEVEL_NONE

0x01

No authentication.

RPC_C_AUTHN_LEVEL_CONNECT

0x02

Authenticates the credentials of the client and server.

RPC_C_AUTHN_LEVEL_CALL

0x03

Same as RPC_C_AUTHN_LEVEL_PKT.

RPC_C_AUTHN_LEVEL_PKT

0x04

Same as RPC_C_AUTHN_LEVEL_CONNECT but also prevents replay attacks.

RPC_C_AUTHN_LEVEL_PKT_INTEGRITY

0x05

Same as RPC_C_AUTHN_LEVEL_PKT but also verifies that none of the data transferred between the client and server has been modified.

RPC_C_AUTHN_LEVEL_PKT_PRIVACY

0x06

Same as RPC_C_AUTHN_LEVEL_PKT_INTEGRITY but also ensures that the data transferred can only be seen unencrypted by the client and the server.

If the higher-level application or protocol requests an authentication level that the implementation or security provider does not support, it MUST upgrade the request to the next highest supported level. RPC_C_AUTHN_LEVEL_PKT_PRIVACY MUST be supported.

On the client side, if the higher-level protocol requests RPC_C_AUTHN_LEVEL_CALL, the implementation MUST upgrade it to RPC_C_AUTHN_LEVEL_PKT. Similarly, on the server side, if the auth_level field of the sec_trailer structure as specified in sections 2.2.2.11 and 2.2.3.4 is RPC_C_AUTHN_LEVEL_CALL, the implementation MUST process it in the same manner as a packet with auth_level RPC_C_AUTHN_LEVEL_PKT.

Also, on the client side, if the higher-level protocol requests RPC_C_AUTHN_LEVEL_DEFAULT, the implementation MUST use RPC_C_AUTHN_LEVEL_CONNECT instead.