2.1.1 RPC Server Settings

The LREC protocol uses Security Support Provider Interface (SSPI) security provided by RPC, as specified in [MS-RPCE] section 3.3.1.5.2, for sessions using TCP as the transport protocol. The server MUST register RPC_C_AUTHN_GSS_NEGOTIATE as the security provider.

The server MUST allow only authenticated access to RPC clients. The server MUST NOT allow anonymous RPC clients.

The server MUST limit access only to clients that negotiate an authentication level equal or higher than that of RPC_C_AUTHN_LEVEL_PKT (see [MS-RPCE] section 2.2.1.1.8).