Assume that:
A local server, lcl_serv, will run RPCs on a remote server, rem_serv.
Both servers will use security model B and the DCE security service.
These RPC security services will be in effect: mutual authentication and message integrity.
Users “user1” and “user2” will use unified login to log in to the local server, lcl_serv, and run RPCs on rem_serv. These users will be “trusted” on rem_serv and will not need to specify a password for the remote server.
User “user3” will not use unified login, will not be trusted, and must supply a password to Adaptive Server when logging in.
You would use the following sequence of commands to set up security for RPCs between the servers:
System Security Officer on remote server (rem_serv):
sp_addserver 'lcl_serv'
sp_addlogin user1, "eracg12"
sp_addlogin user2, "esirpret"
sp_addlogin user3, "drabmok"
sp_configure "use security services", 1
sp_serveroption lcl_serv, "rpc security model B", true
sp_serveroption lcl_serv, "security mechanism", dce
System Administrator on remote server (rem_serv):
sp_remoteoption lcl_serv, user1, user1, trusted, true
sp_remoteoption lcl_serv, user2, user2, trusted, true
System Security Officer on local server (lcl_serv):
sp_addserver lcl_serv, local
sp_addserver rem_serv
sp_addlogin user1, "eracg12"
sp_addlogin user2, "esirpret"
sp_addlogin user3, "drabmo1"
sp_configure "use security services", 1
sp_serveroption rem_serv, "rpc security model B", true
sp_serveroption rem_serv, "security mechanism", dce
sp_serveroption rem_serv, "mutual authentication", true
sp_serveroption rem_serv, "use message integrity", true
In addition, the interfaces file or Directory Service must have entries for rem_serv and lcl_serv. Each entry should specify the “dce” security service. For example, you might have these interfaces entries, as created by the dscp utility:
## lcl_serv (3201)
lcl_serv
    master tli tcp /dev/tcp \x00020c8182d655110000000000000000
    query tli tcp /dev/tcp \x00020c8182d655110000000000000000
    secmech 1.3.6.1.4.1.897.4.6.1

## rem_serv (3519)
rem_serv
    master tli tcp /dev/tcp \x000214ad82d655110000000000000000
    query tli tcp /dev/tcp \x000214ad82d655110000000000000000
    secmech 1.3.6.1.4.1.897.4.6.1
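A way to audit an interfaces file for the requirement above, as an added example that is not part of the original documentation: it parses tli-style entries, decodes each address, and lists servers whose entry lacks the DCE secmech OID. The function names and the old_serv entry are hypothetical; the address layout (2-byte family, 2-byte port, 4-byte IPv4 address, zero padding) is assumed.

```python
# OID the page's interfaces entries carry on their secmech line for DCE.
DCE_OID = "1.3.6.1.4.1.897.4.6.1"

# Constructed sample: lcl_serv is copied from the page's entries;
# old_serv is a made-up entry that has no secmech line.
SAMPLE = r"""
## lcl_serv (3201)
lcl_serv
    master tli tcp /dev/tcp \x00020c8182d655110000000000000000
    query tli tcp /dev/tcp \x00020c8182d655110000000000000000
    secmech 1.3.6.1.4.1.897.4.6.1

## old_serv (4100)
old_serv
    master tli tcp /dev/tcp \x0002100482d655110000000000000000
    query tli tcp /dev/tcp \x0002100482d655110000000000000000
"""

def decode_tli(addr):
    """Decode a tli address into (ipv4, port); layout is an assumption."""
    hexpart = addr[2:] if addr.startswith("\\x") else addr
    raw = bytes.fromhex(hexpart)
    if len(raw) < 8 or raw[:2] != b"\x00\x02":   # 0x0002 = AF_INET
        raise ValueError("not an AF_INET tli address: " + addr)
    return ".".join(str(b) for b in raw[4:8]), int.from_bytes(raw[2:4], "big")

def parse_interfaces(text):
    """Return {server: {"master": [(ip, port)], "query": [...], "secmech": [oid]}}."""
    servers, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # blank line or comment
        fields = line.split()
        if not line[0].isspace():                 # unindented line starts an entry
            current = servers.setdefault(fields[0], {"master": [], "query": [], "secmech": []})
        elif current is not None and fields[0] == "secmech":
            current["secmech"] += " ".join(fields[1:]).replace(",", " ").split()
        elif current is not None and fields[0] in ("master", "query") and fields[1:2] == ["tli"]:
            current[fields[0]].append(decode_tli(fields[-1]))
    return servers

def missing_dce(text):
    """Names of servers whose entry does not list the DCE secmech OID."""
    return sorted(n for n, e in parse_interfaces(text).items() if DCE_OID not in e["secmech"])

if __name__ == "__main__":
    for name, entry in parse_interfaces(SAMPLE).items():
        print(name, entry["query"], "dce" if DCE_OID in entry["secmech"] else "NO dce secmech")
```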
To actually use the security services on either server, you must restart the server so that the static parameter, use security services, takes effect.
For detailed information about setting up servers for remote procedure calls, see Chapter 13, “Managing Remote Servers.”