Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
331332333334335336337338339340
Chapter 27. Overview of DCE Security
This chapter provides a brief introduction to the DCE Security Service. The DCE
Security Service consists of the following services:
Registry service—Maintains the registry database, which is a replicated database of
principals, groups, organizations, accounts, and administrative policies.
Authentication service—Handles user authentication or the process of verifying that
principals are correctly identified. The authentication service also issues tickets that
a principal uses to access remote services. The ticket contains data that is presented
by the principal requesting the service to the principal providing the service.
Privilege service—Supplies the user’s privilege attributes, which are used to ensure
that a principal has the rights to perform requested operations.
In addition, the DCE Security Service provides the following:
Access control list (ACL) facility—Establishes and grants access rights to an object
based on the object’s access permissions.
Extended registry attribute (ERA) facility—Provides tools to extend the registry
database schema to define additional attributes and tools to attach those attributes to
registry objects.
The DCE host daemon (dced) acts as the security client.
The DCE Registry, Authentication, and Privilege Services are implemented as a single
daemon: the security server (secd).
27.1 DCE Authentication Service Servers and Clients
The authentication service consists of the registry database, security servers, and security
clients. A security client communicates with a security server (dcelocal/bin/secd)to
request information and operations. The security servers access the registry database to
perform queries and updates and to validate user logins. To gain access to the registry
database, the authentication service must talk to the registry service. Figure 27-1 is a
simplified representation of the relationship between security clients, servers, and the
registry database.
124243 Tandem Computers Incorporated 271