OSF DCE Application Development Guide--Core Components
Chapter 22. Overview of Security
This chapter provides a brief overview of the two security services available in DCE:
• DCE Security Service
• Generic Security Services (GSS)
Refer to the OSF DCE Application Development Reference for detailed information on
the Application Program Interfaces (APIs) discussed in the security chapters of this
guide.
22.1 Purpose and Organization of the Security Chapters
This part of the guide explains the major features of DCE security so that you can decide
what, if anything, you need to do to ensure that your DCE application is sufficiently
secure. A lot of security is built into DCE, so in many cases you will need to do nothing,
or very little, to secure your DCE application. Furthermore, you do not need to
understand all of the details of the DCE security services in order to use them effectively.
Following the overview of the DCE Security Service in this chapter are two chapters that
contain conceptual discussions of authentication and authorization. The remaining
chapters in this part of the guide discuss the DCE Security Service APIs—registry, login,
extended registry attribute (ERA), extended privilege attribute (EPA), key management,
access control list (ACL), password management, and ID map—and GSS credentials.
22.2 About Authenticated RPC
Perhaps the most important security facility is the authenticated remote procedure call
(RPC) facility. Authenticated RPC enables distributed applications to participate in
authenticated network communications. Applications using the authenticated RPC
routines may select the authentication protocol and the authorization protocol to be used,
and set various protocol-independent protection levels for communicating with remote
entities (users, servers, and computers).
124245 Tandem Computers Incorporated 22−1