OSF DCE Application Development Guide--Core Components

22.7 Summary of DCE Security Services and Facilities
The DCE Security Service consists of services and facilities. The security services are:
- The registry service, which maintains a database of principals, groups, organizations,
  accounts, and administrative policies.
- The authentication service, which verifies the identity of a principal and issues
  tickets that the principal uses to access remote services. (A ticket is data about a
  principal that is presented to the entity providing the service.)
- The privilege service, which certifies a principal’s privilege attributes (that is, its
  name and group memberships, which are represented as UUIDs).
The three security services are implemented in a single daemon, the security server.
The DCE Security Service facilities are:
- The login facility, which enables a principal to establish its network identity.
- The ERA facility, which extends the registry database to maintain attribute types and
  instances.
- The EPA facility, which provides access to the information in extended privilege
  attribute certificates (EPACs).
- The ACL facility, which enables a principal’s access to an object to be determined by
  a comparison of the principal’s privilege attributes to the object’s permissions.
- The key management facility, which enables noninteractive principals (most
  frequently, servers) to manage their secret keys.
- The ID map facility, which maps cell-relative principal names to global principal
  names, and global principal names to cell-relative principal names. This facility is
  used in connection with the transmission of information about principals that are
  members of different DCE cells.
- The password management facility, which enables principals’ passwords to be
  generated, and to be subjected to strength-checks beyond those defined in DCE
  standard policy.
For UNIX system compatibility with DCE, the DCE Security Service also provides
implementations of UNIX system C library interfaces to the /etc/passwd and /etc/group
files.
22.7.1 Interfaces to the Security Server
Following are the user interfaces to the security server itself (see the and the OSF DCE
Administration Reference):
secd
22 6 Tandem Computers Incorporated 124245