2.2.1.1.8 Authentication Levels

These extensions specify the following values for the authentication levels.

| Name | Value | Meaning |
|------|-------|---------|
| RPC_C_AUTHN_LEVEL_DEFAULT | 0x00 | Same as RPC_C_AUTHN_LEVEL_CONNECT. |
| RPC_C_AUTHN_LEVEL_NONE | 0x01 | No authentication. |
| RPC_C_AUTHN_LEVEL_CONNECT | 0x02 | Authenticates the credentials of the client and server. |
| RPC_C_AUTHN_LEVEL_CALL | 0x03 | Same as RPC_C_AUTHN_LEVEL_PKT. |
| RPC_C_AUTHN_LEVEL_PKT | 0x04 | Same as RPC_C_AUTHN_LEVEL_CONNECT but also prevents replay attacks. |
| RPC_C_AUTHN_LEVEL_PKT_INTEGRITY | 0x05 | Same as RPC_C_AUTHN_LEVEL_PKT but also verifies that none of the data transferred between the client and server has been modified. |
| RPC_C_AUTHN_LEVEL_PKT_PRIVACY | 0x06 | Same as RPC_C_AUTHN_LEVEL_PKT_INTEGRITY but also ensures that the data transferred can only be seen unencrypted by the client and the server. |

If the higher-level application or protocol requests an authentication level that the implementation or security provider does not support, it MUST upgrade the request to the next highest supported level. RPC_C_AUTHN_LEVEL_PKT_PRIVACY MUST be supported.

On the client side, if the higher-level protocol requests RPC_C_AUTHN_LEVEL_CALL, the implementation MUST upgrade it to RPC_C_AUTHN_LEVEL_PKT. Similarly, on the server side, if the auth_level field of the sec_trailer structure as specified in sections 2.2.2.11 and 2.2.3.4 is RPC_C_AUTHN_LEVEL_CALL, the implementation MUST process it in the same manner as a packet with auth_level RPC_C_AUTHN_LEVEL_PKT.

Also, on the client side, if the higher-level protocol requests RPC_C_AUTHN_LEVEL_DEFAULT, the implementation MUST use RPC_C_AUTHN_LEVEL_CONNECT instead.
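The normalization rules in the three paragraphs above, written out as an added C example that is not part of the specification. The `supported` bitmask, the `LEVEL_BIT` helper, the function names, and the -1 return for values outside the table are assumptions; "next highest supported level" is read here as the lowest supported level at or above the request.

```c
#include <stdint.h>
#include <stdio.h>

/* Values from the table in this section. */
enum authn_level {
    RPC_C_AUTHN_LEVEL_DEFAULT       = 0x00,
    RPC_C_AUTHN_LEVEL_NONE          = 0x01,
    RPC_C_AUTHN_LEVEL_CONNECT       = 0x02,
    RPC_C_AUTHN_LEVEL_CALL          = 0x03,
    RPC_C_AUTHN_LEVEL_PKT           = 0x04,
    RPC_C_AUTHN_LEVEL_PKT_INTEGRITY = 0x05,
    RPC_C_AUTHN_LEVEL_PKT_PRIVACY   = 0x06
};

#define LEVEL_BIT(l) (1u << (l))   /* hypothetical helper: one bit per level */

/* Client side: map the level requested by the higher-level protocol to the
 * level actually used. `supported` is a hypothetical bitmask of the levels the
 * security provider offers. Returns -1 for a value outside the table. */
int client_effective_level(int requested, unsigned supported)
{
    if (requested < 0x00 || requested > RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
        return -1;
    if (requested == RPC_C_AUTHN_LEVEL_DEFAULT)
        requested = RPC_C_AUTHN_LEVEL_CONNECT;    /* DEFAULT -> CONNECT */
    if (requested == RPC_C_AUTHN_LEVEL_CALL)
        requested = RPC_C_AUTHN_LEVEL_PKT;        /* CALL -> PKT */
    /* PKT_PRIVACY MUST be supported, so the upward search always ends there. */
    supported |= LEVEL_BIT(RPC_C_AUTHN_LEVEL_PKT_PRIVACY);
    supported &= ~LEVEL_BIT(RPC_C_AUTHN_LEVEL_CALL);  /* CALL is never a result */
    for (int l = requested; l <= RPC_C_AUTHN_LEVEL_PKT_PRIVACY; l++)
        if (supported & LEVEL_BIT(l))
            return l;                             /* only ever moves upward */
    return RPC_C_AUTHN_LEVEL_PKT_PRIVACY;         /* not reached */
}

/* Server side: level to process a PDU at, given sec_trailer.auth_level. */
int server_processing_level(uint8_t auth_level)
{
    if (auth_level > RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
        return -1;   /* assumption: values outside the table are rejected */
    return auth_level == RPC_C_AUTHN_LEVEL_CALL ? RPC_C_AUTHN_LEVEL_PKT : auth_level;
}

int main(void)
{
    printf("DEFAULT -> 0x%02x, wire CALL -> 0x%02x\n",
           client_effective_level(RPC_C_AUTHN_LEVEL_DEFAULT, 0x7eu), server_processing_level(0x03));
    return 0;
}
```

Because the search only moves upward, a provider that lacks the requested level yields a stronger level, never a weaker one.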