HP (Hewlett-Packard) B6941-90001 Server User Manual

Chapter 9 367
An Overview of ITO Processes
Understanding ITO Processes
Process Authentication
An important step in the authentication procedure that an ITO RPC
process goes through is obtaining a login context. Every secure RPC
process has a login context, which it either inherits from its parent
process or establishes itself. The login context requires a name (or
principal) and a password (or key). Since ITO processes usually run
without any user interaction, relying on an inherited login context is
not sufficiently secure. Each process therefore creates its own login
context with a name and password that must be registered at the DCE
security service. However, as in UNIX, multiple processes may run within
the same login context. Management and maintenance of the login context
is carried out internally by the control agent and control manager.
Once the authentication process has completed successfully, a connection
is established, and the RPC request-reply sequence starts.
Authentication can be limited to the connection, to the first RPC
client-server call, or applied to all RPCs between client and server. The
following simple example of communication between an RPC client and an
RPC server illustrates the procedure in the context of ITO. In this case,
the RPC client is the message agent on the managed node, and the RPC
server is the message receiver on the management server:
1. The message agent (RPC client) reads its password from the key file.
2. The message agent uses the password to log in to the security server,
procure a login context, and obtain a server ticket.
3. The message agent sends an RPC request to the message receiver
(RPC server).
4. The message receiver compares the ticket with the password
contained in the key file.
5. If the password matches, the message receiver tells the message
agent to proceed with its RPC request.
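The five steps above, modelled as an added example that is not part of the HP manual or of ITO's own code: a toy security service issues a ticket bound to the receiver's key, and the receiver accepts the RPC only if its own key file reproduces the ticket's MAC. The principal names, key-file values and MAC-based ticket format are constructed for illustration and simplify the real DCE (Kerberos-based) exchange.

```python
import hmac, hashlib, json, os, time

# Constructed stand-in for the per-process key files; values are made up for this example
KEY_FILES = {"message_agent": b"constructed-agent-key",
             "message_receiver": b"constructed-receiver-key"}

def mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class SecurityServer:
    """Toy stand-in for the DCE security service: holds registered principal keys,
    hands out login contexts and server tickets."""
    def __init__(self, registry):
        self.registry = dict(registry)

    def login(self, principal, nonce, proof):
        key = self.registry.get(principal)
        # The client proves knowledge of its registered key without sending the key itself
        if key is None or not hmac.compare_digest(proof, mac(key, nonce)):
            raise PermissionError("login failed for %s" % principal)
        return {"principal": principal}                      # the login context

    def server_ticket(self, ctx, server, ttl=300):
        body = json.dumps({"client": ctx["principal"], "server": server,
                           "exp": time.time() + ttl}, sort_keys=True).encode()
        # Ticket is sealed with the *server's* key, so only that key file can verify it
        return {"body": body, "mac": mac(self.registry[server], body)}

def message_agent_request(sec, key_file, principal, payload):
    """Steps 1-3: read own key, log in and obtain a server ticket, send the RPC request."""
    nonce = os.urandom(16)
    ctx = sec.login(principal, nonce, mac(key_file, nonce))
    ticket = sec.server_ticket(ctx, "message_receiver")
    return {"ticket": ticket, "payload": payload}

def message_receiver_handle(key_file, request):
    """Steps 4-5: check the ticket against the receiver's key file, then accept or reject."""
    t = request["ticket"]
    if not hmac.compare_digest(t["mac"], mac(key_file, t["body"])):
        return "rejected: ticket not issued under this key"
    claims = json.loads(t["body"])
    if claims["server"] != "message_receiver" or claims["exp"] < time.time():
        return "rejected: wrong server or expired ticket"
    return "accepted from %s: %s" % (claims["client"], request["payload"])

if __name__ == "__main__":
    sec = SecurityServer(KEY_FILES)
    req = message_agent_request(sec, KEY_FILES["message_agent"], "message_agent", "disk full")
    print(message_receiver_handle(KEY_FILES["message_receiver"], req))
```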
Process Names and Passwords
In ITO, both the management server and the managed nodes run RPC
clients and servers at the same time. This allows ITO to simplify the
configuration information a given process requires prior to an RPC call,
namely:
name and own password
security level