- DES Authentication
DES authentication uses the Data Encryption Standard (DES) and public key cryptography to authenticate both users and systems in the network. DES is a standard encryption mechanism; public key cryptography is a cipher system that involves two keys: one public and one private.
The security of DES authentication is based on a sender's capability to encrypt the current time, which the receiver can then decrypt and check against its own clock. The timestamp is encrypted with DES. Two things are necessary for this scheme to work: (1) the two agents must agree on the current time, and (2) the sender and receiver must be using the same encryption key.
If a network runs a time synchronization program, the time on the client and the server is synchronized automatically. If a time synchronization program is not available, timestamps can be computed using the server's time instead of the network time. The client asks the server for the time before starting the RPC session, and then it computes the time difference between its own clock and the server's. This difference is used to offset the client's clock when computing timestamps. If the client and server clocks drift so far apart that the server begins to reject the client's requests, the DES authentication system resynchronizes with the server.
The client and server arrive at the same encryption key by generating a random conversation key and then using public key cryptography (an encryption scheme involving public and secret keys) to deduce a common key. The common key is a key that only the client and server are capable of deducing. The conversation key is used to encrypt and decrypt the client's timestamp; the common key is used to encrypt and decrypt the conversation key.
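The exchange described above, sketched as an added example (not code from the original documentation or from any RPC implementation). The Diffie-Hellman parameters, the 60-second window, and all function names are assumptions made for illustration, and `xcrypt` is a labelled XOR stand-in for DES because the Python standard library has no DES.

```python
import hashlib, secrets

# Constructed toy parameters (assumptions): far too small for real use.
P, G = 2**127 - 1, 3   # Diffie-Hellman modulus (a Mersenne prime) and base
WINDOW = 60            # seconds of clock difference the server tolerates

def keypair():
    secret = secrets.randbelow(P - 2) + 1
    return secret, pow(G, secret, P)

def common_key(my_secret, peer_public):
    # Each side combines its own secret key with the peer's public key.
    shared = pow(peer_public, my_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:8]

def xcrypt(key, block):
    # Stand-in for DES on one 8-byte block (NOT DES): XOR with a keyed pad.
    pad = hashlib.sha256(b"pad" + key).digest()[:8]
    return bytes(a ^ b for a, b in zip(block, pad))

def client_request(secret, server_public, clock, offset):
    conv_key = secrets.token_bytes(8)              # random conversation key
    stamp = (clock + offset).to_bytes(8, "big")    # time as the server sees it
    wrapped = xcrypt(common_key(secret, server_public), conv_key)
    return wrapped, xcrypt(conv_key, stamp)

def server_verify(secret, client_public, request, clock):
    wrapped, enc_stamp = request
    conv_key = xcrypt(common_key(secret, client_public), wrapped)
    stamp = int.from_bytes(xcrypt(conv_key, enc_stamp), "big")
    return abs(clock - stamp) <= WINDOW

def demo():
    c_sec, c_pub = keypair()
    s_sec, s_pub = keypair()
    server_clock, client_clock = 1_000_000, 999_500   # client runs 500 s slow
    unsynced = client_request(c_sec, s_pub, client_clock, 0)
    offset = server_clock - client_clock   # learned by asking the server for its time
    synced = client_request(c_sec, s_pub, client_clock, offset)
    other_sec, _ = keypair()               # sender without the client's secret key
    wrong_key = client_request(other_sec, s_pub, client_clock, offset)
    return tuple(server_verify(s_sec, c_pub, r, server_clock)
                 for r in (unsynced, synced, wrong_key))

if __name__ == "__main__":
    print(demo())
```

The three results correspond to a request stamped with an uncorrected client clock, the same request after applying the server-time offset, and a request from a sender whose secret key does not match the client's published public key.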