As previously stated, authentication parameters are opaque, but
open-ended to the rest of the RPC protocol. This section defines two
standard "flavors" of authentication. Implementors are free to
invent new authentication types, with the same rules of flavor number
assignment as there is for program number assignment. The "flavor"
of a credential or verifier refers to the value of the "flavor" field
in the opaque_auth structure. Flavor numbers, like RPC program
numbers, are also administered centrally, and developers may assign
new flavor numbers by applying through electronic mail to
"rpc@sun.com". Credentials and verifiers are represented as variable
length opaque data (the "body" field in the opaque_auth structure).
In this document, two flavors of authentication are described. Of
these, Null authentication (described in the next subsection) is
mandatory - it must be available in all implementations. System
authentication is described in Appendix A. It is strongly
recommended that implementors include System authentication in their
implementations. Many applications use this style of authentication,
and availability of this flavor in an implementation will enhance
interoperability.
