Network Working Group                                          D. Provan
Request for Comments: 2241                                  Novell, Inc.
Category: Standards Track                                  November 1997
        

DHCP Options for Novell Directory Services

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1997). All Rights Reserved.

Abstract

This document defines three new DHCP options for delivering configuration information to clients of the Novell Directory Services. The first option carries a list of NDS servers. The second option carries the name of the client's NDS tree. The third carries the initial NDS context. These three options provide an NDS client with enough information to connect to an NDS tree without manual configuration of the client.

1. Introduction

Novell Directory Services is a distributed, replicated, hierarchical database of objects representing network resources such as nodes, services, users, and applications. An NDS client must be able to locate an NDS server in order to authenticate itself to the network and gain access to the database. In addition, the node's user is better served if the NDS client's attention is focused on the area of the NDS database likely to be of the most interest to the user. This specification describes DHCP options [1] that carry NDS information to TCP/IP clients of NDS. The first option, the NDS Servers Option, carries a list of NDS servers. The other two options, the NDS Tree Name Option and the NDS Context Option, provide the client with a default context within the NDS database.

The NDS Tree Name Option and the NDS Context Option carry 16-bit Unicode text encoded into an octet stream using UTF-8 [4]. A complete DHCP implementation can represent the entire Unicode character set supported by NDS. At the same time, 7-bit ASCII text is unchanged by the UTF-8 transformation. In environments where the NDS tree name and context are restricted to the range of 7-bit ASCII characters, ASCII-only DHCP clients and servers can support these options by using the ASCII text as the UTF-8 encoded data.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119. [2]

2. NDS Servers Option

This option specifies one or more NDS servers for the client to contact for access to the NDS database. Servers SHOULD be listed in order of preference.

The code for this option is 85. The minimum length of this option is 4 octets, and the length MUST be a multiple of 4.

      Code   Len        Address 1               Address 2
     +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+--
     | 85  |  n  |  a1 |  a2 | a3  |  a4 |  a1 |  a2 |  a3 |  a4 |  ...
     +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+--
        
3. NDS Tree Name Option

This option specifies the name of the NDS tree the client will be contacting. NDS tree names are 16-bit Unicode strings. For transmission in the NDS Tree Name Option, an NDS tree name is transformed into octets using UTF-8. The string should NOT be zero terminated.

The code for this option is 86. The maximum possible length for this option is 255 bytes.

       Code Len  NDS Tree Name
      +----+----+----+----+----+----+--
      | 86 | n  | c1 | c2 | c3 | c4 |  ...
      +----+----+----+----+----+----+--
        
4. NDS Context Option

This option specifies the initial NDS context the client should use. NDS contexts are 16-bit Unicode strings. For transmission in the NDS Context Option, an NDS context is transformed into octets using UTF-8. The string should NOT be zero terminated.

A single DHCP option can only contain 255 octets. Since an NDS context name can be longer than that, this option can appear more than once in the DHCP packet. The contents of all NDS Context options in the packet should be concatenated as suggested in the DHCP specification [3, page 24] to get the complete NDS context. A single encoded character could be split between two NDS Context Options.

The code for this option is 87. The maximum length for each instance of this option is 255, but, as just described, the option may appear more than once if the desired NDS context takes up more than 255 octets. Implementations are discouraged from enforcing any specific maximum to the final concatenated NDS context.

       Code Len  Initial NDS Context
      +----+----+----+----+----+----+--
      | 87 | n  | c1 | c2 | c3 | c4 |  ...
      +----+----+----+----+----+----+--
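
The following parser is an added example, not part of the RFC or of any Novell code. It walks a raw DHCP options field, applies the length rule for option 85, and concatenates every option 87 instance before decoding UTF-8, since a single encoded character may be split between instances; the function name and the sample bytes are constructed for illustration.

```python
import ipaddress

NDS_SERVERS, NDS_TREE_NAME, NDS_CONTEXT = 85, 86, 87
PAD, END = 0, 255  # RFC 2132 pad and end options (single octet, no length)


def parse_nds_options(options: bytes) -> dict:
    """Extract options 85/86/87 from a DHCP options field (after the magic cookie)."""
    servers, tree, context = [], None, bytearray()
    i = 0
    while i < len(options):
        code = options[i]
        if code == PAD:
            i += 1
            continue
        if code == END:
            break
        if i + 1 >= len(options):
            raise ValueError("option %d has no length octet" % code)
        length = options[i + 1]
        data = options[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("option %d overruns the options field" % code)
        i += 2 + length
        if code == NDS_SERVERS:
            # Minimum length is 4 and the length MUST be a multiple of 4.
            if length < 4 or length % 4:
                raise ValueError("option 85 length %d is not a multiple of 4" % length)
            servers += [ipaddress.IPv4Address(data[j:j + 4]) for j in range(0, length, 4)]
        elif code == NDS_TREE_NAME:
            tree = data
        elif code == NDS_CONTEXT:
            # Keep raw octets: a UTF-8 character may straddle two instances.
            context += data
    # Decode only after concatenation; strict decoding rejects malformed UTF-8.
    return {
        "servers": servers,
        "tree": tree.decode("utf-8") if tree is not None else None,
        "context": context.decode("utf-8") if context else None,
    }


# Constructed sample: two servers, tree "ACME", and a context split inside U+00E9.
ctx = "ou=\u00e9.o=x".encode("utf-8")
SAMPLE = (bytes([85, 8, 10, 0, 0, 1, 10, 0, 0, 2]) + bytes([86, 4]) + b"ACME"
          + bytes([87, 4]) + ctx[:4] + bytes([87, len(ctx) - 4]) + ctx[4:] + bytes([END]))
```

Decoding each option 87 instance on its own would fail on this sample, because the first instance ends on the lead octet of a two-octet character.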
        
5. References

[1] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC-2132, March 1997.

[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC-2119, March 1997.

[3] Droms, R., "Dynamic Host Configuration Protocol", RFC-2131, March 1997.

[4] Yergeau, F., "UTF-8, a transformation format of Unicode and ISO 10646", RFC-2044, October 1996.

6. Security Considerations

DHCP currently provides no authentication or security mechanisms. Potential exposures to attack are discussed in section 7 of the DHCP protocol specification [3]. In particular, these DHCP options allow an unauthorized DHCP server to misdirect an NDS client to a nonexistent NDS server or even a spoof NDS server. These threats are similar to what NDS faces during normal operations in its native IPX environment.

7. Author's Address

   Don Provan
   Novell, Inc.
   2180 Fortune Drive
   San Jose, California, 95131

Phone: +1 408 577 8440

   EMail: donp@Novell.Com
        
8. Full Copyright Statement

Copyright (C) The Internet Society (1997). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
