Example of setting up security model B for RPCs

This example assumes that:

• A local server, “lcl_serv,” runs RPCs on a remote server, “rem_serv.”

• Both servers use security model B and the DCE security service.

• The mutual authentication and message integrity RPC security services are in effect.

• “User1” and “user2” use unified logins to log in to the local server, “lcl_serv,” and run RPCs on “rem_serv.” These users are “trusted” on “rem_serv” and need not specify a password for the remote server.

• “User3” does not use a unified login, is not trusted, and must supply a password to Adaptive Server when logging in.

To set up security for RPCs between the servers:

The interfaces file or Directory Service must have entries for “rem_serv” and “lcl_serv.” Each entry should specify the “dce” security service. For example, you might have these interfaces entries, as created by the dscp utility:

## lcl_serv (3201)
lcl_serv 
master tli tcp /dev/tcp \x00020c8182d655110000000000000000
query tli tcp /dev/tcp \x00020c8182d655110000000000000000
secmech 1.3.6.1.4.1.897.4.6.1
## rem_serv (3519)
rem_serv
master tli tcp /dev/tcp \x000214ad82d655110000000000000000
query tli tcp /dev/tcp \x000214ad82d655110000000000000000
secmech 1.3.6.1.4.1.897.4.6.1

System security officer on remote server “rem_serv” issues:

sp_addserver ’lcl_serv’
sp_addlogin user1, "eracg12"
sp_addlogin user2, "esirpret"
sp_addlogin user3, "drabmok"
sp_configure "use security services", 1
sp_serveroption lcl_serv, "rpc security model B", true
sp_serveroption lcl_serv, "security mechanism", dce

System administrator on remote server “rem_serv” issues:

sp_remoteoption lcl_serv, user1, user1, trusted, true
sp_remoteoption lcl_serv, user2, user2, trusted, true

System security officer on local server “lcl_serv” issues::

sp_addserver lcl_serv, local
sp_addserver rem_serv
sp_addlogin user1, "eracg12"
sp_addlogin user2, "esirpret"
sp_addlogin user3, "drabmo1"
sp_configure "use security services", 1
sp_configure rem_serv, "rpc security model B", true
sp_serveroption rem_serv, "security mechanism", dce
sp_serveroption rem_serv, "mutual authentication" true
sp_serveroption rem_serv, "use message integrity" true