OSF DCE Application Development Guide--Core Components
OSF DCE Application Development Guide—Core Components
Obtains a login session’s ticket(s) to remote services (the login and su tools also
perform this service)
• klist
Lists a login session’s tickets to remote services
• kdestroy
Destroys a login session’s tickets to remote services
There are two security APIs that distributed applications are most likely to call to use the
authentication service:
• Authenticated RPC facility
• GSSAPI
Although an application that uses GSSAPI may not make explicit calls to RPC routines,
the GSSAPI implementation itself uses DCE RPC to communicate with the DCE
registry.
22.7.1.3 Privilege Service Interfaces
There are no user interfaces or APIs to the privilege service. The login facility and
authenticated RPC or GSSAPI encapsulate interactions between a principal and the
privilege service.
22.7.2 Interfaces to the Login Facility
User interfaces to the login facility consist of the following tools:
• dce_login
Enables an interactive principal to log into DCE, but does not change the principal’s
local identity
• login
Enables an interactive principal to log in
• su
Enables a logged-in interactive principal to assume a different principal identity
The API to the login facility consists of calls that are prefixed with sec_login_. This API
enables application processes to assume their network identities. Network login and
system login programs are examples of applications that call this API.
22 − 8 Tandem Computers Incorporated 124245