2.1.1.2 Client Security Settings

The RPC client for the DIMSVC RPC interface MUST use ncacn_np as the RPC protocol sequence. The client MUST specify "Simple and Protected GSS-API Negotiation Mechanism" (0x09) as the authentication service, as specified in [MS-RPCE] section 2.2.1.1.7. The client SHOULD supply a service principal name (SPN) (for more information, see [SPNNAMES]) of "host/hostname" where hostname is the actual name of the server to which the client is connecting and "host/" is the literal string "host/". The RPC client MUST first bind to the named pipe mentioned in section 2.1 and use the binding handle obtained (as a part of the binding process) to further communicate with the server, as specified in section 2 of [C706]. The RPC client MAY also negotiate RPC_C_AUTHN_LEVEL_PKT_PRIVACY as the authentication level in order to ensure the communication to the RPC server is also protected with data confidentiality. The client MUST enable the server to impersonate the client identity by specifying RPC_C_IMPL_LEVEL_IMPERSONATE as the impersonation level, as specified in [MS-RPCE] section 2.2.1.1.9.
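An added example, not part of the specification: a check of the authentication service and level a client requested, read from the sec_trailer of a connection-oriented bind PDU as laid out in [C706]. It assumes the bind PDU bytes have already been extracted from a capture; the function names and the sample PDUs are constructed for illustration.

```python
import struct

AUTHN_GSS_NEGOTIATE = 0x09      # SPNEGO: the MUST in the section above
AUTHN_LEVEL_PKT_PRIVACY = 0x06  # the MAY: confidentiality on top of integrity
PTYPE_BIND = 11                 # connection-oriented bind PDU type

def audit_bind_pdu(pdu: bytes) -> dict:
    """Compare a bind PDU's sec_trailer with the client settings above."""
    if len(pdu) < 16:
        raise ValueError("shorter than the 16-byte common header")
    if pdu[0:2] != b"\x05\x00" or pdu[2] != PTYPE_BIND:
        raise ValueError("not a connection-oriented bind PDU")
    # Header byte 4 carries the data representation: high nibble 1 = little-endian.
    endian = "<" if pdu[4] >> 4 == 1 else ">"
    frag_len, auth_len = struct.unpack_from(endian + "HH", pdu, 8)
    if auth_len == 0:
        return {"authn_ok": False, "privacy": False,
                "findings": ["no auth verifier: bind is unauthenticated"]}
    # sec_trailer is the 8 bytes immediately before the auth token.
    off = frag_len - auth_len - 8
    if frag_len > len(pdu) or off < 16:
        raise ValueError("frag_length/auth_length do not fit the capture")
    auth_type, auth_level = pdu[off], pdu[off + 1]
    findings = []
    if auth_type != AUTHN_GSS_NEGOTIATE:
        findings.append(f"auth_type 0x{auth_type:02x}, expected 0x09 (SPNEGO)")
    privacy = auth_level == AUTHN_LEVEL_PKT_PRIVACY
    if not privacy:
        findings.append(f"auth_level {auth_level}: PKT_PRIVACY not requested")
    return {"authn_ok": auth_type == AUTHN_GSS_NEGOTIATE,
            "privacy": privacy, "findings": findings}

def build_sample_bind(auth_type: int, auth_level: int) -> bytes:
    """Constructed test PDU: placeholder bind body and zeroed 16-byte token."""
    body, token = bytes(12), bytes(16)
    trailer = struct.pack("<4BI", auth_type, auth_level, 0, 0, 1)
    frag_len = 16 + len(body) + len(trailer) + len(token)
    header = struct.pack("<4B4sHHI", 5, 0, PTYPE_BIND, 0x03,
                         b"\x10\x00\x00\x00", frag_len, len(token), 1)
    return header + body + trailer + token

if __name__ == "__main__":
    for name, pdu in [("negotiate+privacy", build_sample_bind(0x09, 0x06)),
                      ("ntlm+integrity", build_sample_bind(0x0A, 0x05))]:
        print(name, audit_bind_pdu(pdu))
```

This covers only the authentication service and level; the sec_trailer does not carry the SPN or the impersonation level, so those settings need a separate check.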