OSF DCE Administration Guide--Core Components

Once the trust relationship is established, you can control foreign principals’ access to
specific objects with ACL entries, just as you do for principals in the local cell. The trust
relationship also allows users in the foreign cell to log into accounts in the local cell and
vice versa.
Two kinds of trust relationships allow principals in other cells to engage in authenticated
access to objects in your cell. These relationships are direct trust relationships and
hierarchical transitive trust relationships. Throughout this chapter the term transitive
trust relationship is used to indicate the DCE implementation of hierarchical transitive
trust relationships.
33.1.1 Direct Trust Relationships
In a direct trust relationship, the authentication services of two cells share authentication
keys and trust each other to authenticate principals from their respective cells. Therefore,
both cells consider a user from either cell to be authenticated if that user has been marked
as authenticated by the authentication service of the user's own cell. The shared
authentication keys are derived from a single password (one for each cell) that is used by
all principals from one cell to be authenticated to the other cell. A direct trust
relationship involves only two cells.
33.1.2 Transitive Trust Relationships
A transitive trust relationship comes about as a result of a direct trust relationship. In
this relationship, cells in a direct trust relationship trust (with some constraints) each
other’s authentication service to authenticate principals not only from their respective
cells but also from the cells with which they have direct trust relationships. A transitive
trust relationship can involve three or more cells. A transitive trust relationship is
illustrated in Figure 33-1.
Figure 33-1. Transitive Trust Relationships
[Figure: cell A has a direct trust relationship with cell B, cell B has a direct trust
relationship with cell B/C, and cell A therefore has a transitive trust relationship with
cell B/C]
In this figure, cell A trusts peer cell B (the cell with which it has a direct trust
relationship) to authenticate the principals in cell B and to guarantee the authentication
of the principals in cell B/C (the cell with which it has a transitive trust relationship).
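The following is an added, constructed Python model of the two trust kinds described above; it is not code from the guide and not the real DCE (Kerberos-based) cross-cell protocol. It treats a direct trust as a key shared by exactly two cells, builds a transitive trust as a chain of direct trusts (B/C vouches to B, B re-vouches to A), and then applies a local ACL entry to the fully qualified foreign principal name. All cell names and keys are constructed.

```python
import hmac
import hashlib

# Constructed model: a direct trust relationship is a key shared by exactly two
# cells; a transitive trust relationship is a chain of such direct trusts.
DIRECT_TRUST = {
    frozenset({"/.../a", "/.../b"}):   b"constructed-key-a-b",   # A <-> B
    frozenset({"/.../b", "/.../b/c"}): b"constructed-key-b-bc",  # B <-> B/C
}

def shared_key(cell1, cell2):
    key = DIRECT_TRUST.get(frozenset({cell1, cell2}))
    if key is None:
        raise ValueError(f"no direct trust between {cell1} and {cell2}")
    return key

def _mac(vouching_cell, to_cell, principal, transited):
    # The vouching cell binds the principal name and the transited path to the
    # key it shares with the receiving cell.
    claim = principal + "|" + ",".join(transited)
    return hmac.new(shared_key(vouching_cell, to_cell), claim.encode(), hashlib.sha256).digest()

def issue(home_cell, user, peer_cell):
    """home_cell authenticates its own user and vouches for it to a direct peer."""
    name = f"{home_cell}/{user}"
    return {"principal": name, "transited": [home_cell], "to": peer_cell,
            "mac": _mac(home_cell, peer_cell, name, [home_cell])}

def verify(cred, cell):
    """cell checks a credential vouched by its direct peer (last cell in 'transited')."""
    if cred["to"] != cell:
        return False
    try:
        expected = _mac(cred["transited"][-1], cell, cred["principal"], cred["transited"])
    except ValueError:          # claimed vouching cell has no direct trust with us
        return False
    return hmac.compare_digest(expected, cred["mac"])

def forward(cred, cell, next_cell):
    """cell re-vouches a verified credential to next_cell: this is transitive trust."""
    if not verify(cred, cell):
        raise ValueError(f"{cell} cannot verify credential")
    transited = cred["transited"] + [cell]
    return {"principal": cred["principal"], "transited": transited, "to": next_cell,
            "mac": _mac(cell, next_cell, cred["principal"], transited)}

def trust_kind(cred):
    return "direct" if len(cred["transited"]) == 1 else "transitive"

def check_acl(local_cell, cred, acl):
    """Authenticate the foreign principal, then look up its ACL entry.
    Returns the granted permissions, or None if unauthenticated or no entry."""
    if not verify(cred, local_cell):
        return None
    return acl.get(cred["principal"])
```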
33-2 Tandem Computers Incorporated 124243