Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Authentication Numbers
2009-04-15
2022-09-14
RPC Authentication Flavor Numbers
First Come First Served
For all RPC authentication flavor and authentication status numbers
to be used on the Internet, it is strongly advised that an
informational or standards-track RFC be published describing the
authentication mechanism behaviour and parameters.
New pseudo-flavor requests will be assigned from the 390000-390255
block. All other assignments will be made sequentially starting from
decimal 400000.
AUTH_NONE
none
0
no authentication, see RFC 1831/a.k.a. AUTH_NULL
AUTH_SYS
sys
1
unix style (uid+gids), RFC 1831/a.k.a. AUTH_UNIX
AUTH_SHORT
2
short hand unix style, RFC 1831
AUTH_DH
dh
3
des style (encrypted timestamp)/a.k.a. AUTH_DES, see RFC 2695
AUTH_KERB
krb4
4
kerberos auth, see RFC 2695
AUTH_RSA
5
RSA authentication
RPCSEC_GSS
6
GSS-based RPC security for auth, integrity and privacy, RFC 5403
AUTH_TLS
TLS
7
Indicates support for RPC-over-TLS
8-30000
Unassigned
AUTH_NW
30001
NETWARE
30002-199999
Unassigned
AUTH_SEC
200000
TSIG NFS subcommittee
200001-200003
Unassigned
AUTH_ESV
200004
SVr4 ES
200005-299999
Unassigned
AUTH_NQNFS
300000
Univ. of Guelph - Not Quite NFS
AUTH_GSSAPI
300001
OpenVision (john.linn@ov.com)
AUTH_ILU_UGEN
300002
Xerox (janssen@parc.xerox.com) - ILU Unsecured Generic Identity
AUTH_SPNEGO
390000
390000-390255
NFS 'pseudo' flavors for RPCSEC_GSS
krb5
390003
kerberos_v5 authentication, RFC 2623
krb5i
390004
kerberos_v5 with data integrity, RFC 2623
krb5p
390005
kerberos_v5 with data privacy, RFC 2623
390256-199999999
Unassigned
200000000
Reserved
200100000
NeXT Inc.
RPC Authentication Status Numbers
First Come First Served
For all RPC authentication flavor and authentication status numbers
to be used on the Internet, it is strongly advised that an
informational or standards-track RFC be published describing the
authentication mechanism behaviour and parameters.
AUTH_OK
0
success/failed at remote end
AUTH_BADCRED
1
bad credential (seal broken)
AUTH_REJECTEDCRED
2
client must begin new session
AUTH_BADVERF
3
bad verifier (seal broken)
AUTH_REJECTEDVERF
4
verifier expired or replayed
AUTH_TOOWEAK
5
rejected for security reasons/failed locally
AUTH_INVALIDRESP
6
bogus response verifier
AUTH_FAILED
7
reason unknown/AUTH_KERB errors; deprecated. See [RFC2695]
AUTH_KERB_GENERIC
8
kerberos generic error
AUTH_TIMEEXPIRE
9
time of credential expired
AUTH_TKT_FILE
10
problem with ticket file
AUTH_DECODE
11
can't decode authenticator
AUTH_NET_ADDR
12
wrong net address in ticket/RPCSEC_GSS GSS related errors
RPCSEC_GSS_CREDPROBLEM
13
no credentials for user
RPCSEC_GSS_CTXPROBLEM
14
problem with context
RPCSEC_GSS_INNER_CREDPROBLEM
15
No credentials for multi-principal assertion inner context user
RPCSEC_GSS_LABEL_PROBLEM
16
Problem with label assertion
RPCSEC_GSS_PRIVILEGE_PROBLEM
17
Problem with structured privilege assertion
RPCSEC_GSS_UNKNOWN_MESSAGE
18
Unknown structured privilege assertion
RPCSEC_GSS Structured Privilege Names Registry
Standards Action
The structured privilege with a zero-length name and the fifteen
additional lower case and mixed case permutations of each of 'EXPE'
and 'PRIV' are also Reserved.
EXPE
PRIV
copy_to_auth
copy_from_auth
copy_confirm_auth
William A.(Andy) Adamson
mailto:andros&netapp.com
2016-11-02