OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series

191

192

193

194

195

196

197

198

199

200

CDS Concepts

example, a CDS server allows a user to create a new directory only if that user’s identity

has been veriﬁed. The process of verifying that users are who they say they are is called

authentication. The proof is in the form of a user name, or principal name, coupled with a

special kind of password.

CDS servers themselves must be authenticated principals for two reasons:

• To prove to clients that they are trustworthy

• To prove to each other that they have the permission to modify and manage the data

that they share

The principal name of a CDS server is automatically selected by the conﬁguration

program and is placed in a group that contains the names of all CDS servers in the cell.

The group is stored as an entry in the DCE Security Service database. After initial

contact with a CDS server, the clerk conﬁrms through the DCE Security Service that the

server is a valid member of the server group.

Authentication is not an end in itself, but is instead a step in the process of authorization.

Once the identity of a principal has been veriﬁed, the software must next determine

whether that principal has the permissions that are required to perform a requested

action. This is called authorization. Therefore, to create a new directory, the user in the

previous example must not only be authenticated, but have the appropriate permissions

as well.

Servers need to be authenticated to each other because they share and modify replicated

data. For example, suppose server A and server B both store a replica of the same

directory. Associated with each directory is a list of all the servers authorized to maintain

that directory. When a user modiﬁes an entry in the replica at server B, server B must

notify server A of the change. Server A does not accept the update unless server B is an

authenticated principal and is one of the principals authorized to modify that directory.

The CDS permissions are read, write, insert, delete, test, control, and administer. Each

has a slightly different meaning depending on the kind of name it is associated with, but,

in general, their meanings are as follows:

• Read permission lets users view data.

• Write permission lets users add or change data.

• Insert permission lets users create entries in a directory.

• Delete permission lets users delete entries.

• Test permission lets users test whether an attribute of a name has a speciﬁc value

without being able to see any values—that is, without having read permission to the

name. The main advantage of this permission is that it gives application

programmers a more efﬁcient way to check for a value: rather than reading a whole

set of values, the application can test for a particular value.

• Control permission lets users manage the access control list (ACL) of an entry.

• Administer permission lets users manage directory replication.

Note that it is possible to deﬁne a special ACL for users who cannot be authenticated or

who deliberately request unauthenticated operations. In such a case, the user’s identity is

not veriﬁed, and the ACL entry for unauthenticated users determines whether the user

has the permissions to perform the requested action. (See Part 6 of this guide for details

124243 Tandem Computers Incorporated 12−7