OSF DCE Application Development Guide--Core Components

22.3 About the GSSAPI ........ 22-2
22.4 UNIX System Security and DCE Security ........ 22-2
22.5 What Authentication and Authorization Mean ........ 22-3
22.6 Authentication, Authorization, and Data Protection in Brief ........ 22-4
22.7 Summary of DCE Security Services and Facilities ........ 22-6
22.7.1 Interfaces to the Security Server ........ 22-6
22.7.2 Interfaces to the Login Facility ........ 22-8
22.7.3 Interfaces to the Extended Registry Attribute Facility ........ 22-9
22.7.4 Interfaces to the Extended Privilege Attribute Facility ........ 22-9
22.7.5 Interfaces to the Key Management Facility ........ 22-9
22.7.6 Interfaces to the ID Map Facility ........ 22-9
22.7.7 Interfaces to the Access Control List Facility ........ 22-10
22.7.8 DCE Implementations of UNIX System Program Interfaces ........ 22-10
22.7.9 Interfaces to the Password Management Facility ........ 22-10
22.8 Relationships Between the DCE Security Service and DCE Applications ........ 22-10
22.9 DTS, the Cell Namespace, and Security ........ 22-11
22.9.1 DTS and Security ........ 22-11
22.9.2 The Cell Namespace and the Security Namespace ........ 22-11
Chapter 23. Authentication ........ 23-1
23.1 Background Concepts ........ 23-1
23.1.1 Principals ........ 23-2
23.1.2 Cells and Realms ........ 23-3
23.1.3 The Shared-Secret Authentication Protocol ........ 23-3
23.1.4 Protection Levels ........ 23-3
23.1.5 Data Encryption Mechanisms ........ 23-5
23.2 A Walkthrough of the Shared-Secret Authentication Protocol ........ 23-5
23.2.1 A Walkthrough of User Authentication ........ 23-6
23.2.2 A Walkthrough of DCE Application Authentication Using Authenticated RPC ........ 23-18
23.2.3 A Walkthrough of DCE Application Authentication Using GSSAPI ........ 23-23
23.3 Intercell Authentication ........ 23-25
23.3.1 KDS Surrogates ........ 23-25
23.3.2 Intercell Authentication by Trust Peers ........ 23-26
Chapter 24. Authorization ........ 24-1
24.1 DCE Authorization ........ 24-1
24.1.1 Object Types and ACL Types ........ 24-2
24.1.2 ACL Manager Types ........ 24-3
24.1.3 Access Control Lists ........ 24-3
24.1.4 ACL Entries ........ 24-4
24.1.5 Access Checking ........ 24-7
24.1.6 Examples of ACL Checking ........ 24-8
24.2 Name-Based Authorization ........ 24-11
xii Tandem Computers Incorporated 124245