2.1.3 Security

The MSDTC Connection Manager: OleTx Transports Protocol partners SHOULD use a security provider, as specified in [MS-RPCE] section 2.2.1.1.7, and an authentication level as specified in [MS-RPCE] section 2.2.1.1.8.<5>

The MSDTC Connection Manager: OleTx Transports Protocol SHOULD support three security levels: mutual authentication, incoming authentication, and no authentication.

  • If the security level is mutual authentication, the MSDTC Connection Manager: OleTx Transports Protocol partner MUST attempt to establish an RPC connection using authenticated RPC calls. If this fails, the RPC connection attempt fails. When using this security level, the MSDTC Connection Manager: OleTx Transports Protocol partner SHOULD accept authenticated RPC calls only if the authentication level is set to RPC_C_AUTHN_LEVEL_PKT_PRIVACY.<6>

  • If the security level is incoming authentication, the MSDTC Connection Manager: OleTx Transports Protocol partner MUST first attempt to establish an RPC connection using authenticated RPC calls for sessions that were initiated (through the BuildContextW method or the PokeW method) by another protocol partner. If it fails to accept authenticated RPC calls, the MSDTC Connection Manager: OleTx Transports Protocol partner MUST attempt to establish an RPC connection using unauthenticated RPC calls. When using this security level, the MSDTC Connection Manager: OleTx Transports Protocol partner SHOULD accept authenticated RPC calls only if the authentication level is set to RPC_C_AUTHN_LEVEL_PKT_PRIVACY.<7>

  • If the security level is no authentication, the MSDTC Connection Manager: OleTx Transports Protocol partner SHOULD first attempt to establish an RPC connection using authenticated RPC calls to another protocol partner. If this fails, the MSDTC Connection Manager: OleTx Transports Protocol partner MUST attempt to establish an RPC connection using unauthenticated RPC calls.