OSF DCE Application Development Guide--Core Components
Overview of Security
22.7.3 Interfaces to the Extended Registry Attribute Facility
The user interface to the ERA facility consists of DCE control program (dcecp)
commands that allow users to modify the registry schema to create and maintain attribute
types and to create and maintain instances of those types.
The API to the ERA facility consists of calls that are prefixed with sec_rgy_attr_.
22.7.4 Interfaces to the Extended Privilege Attribute Facility
There are no user interfaces to the EPA facility. The API to this facility consists of calls
that are prefixed with sec_cred_. These routines extract data from EPACs.
22.7.5 Interfaces to the Key Management Facility
For a distributed application, it may be important for a server to have a network identity
that is distinct from the principal identity it inherits from the user who invokes it or the
host on which it runs. The key management facility provides features that enable
noninteractive principals to manage their secret keys.
The user interface to the key management facility consist of a few rgy_edit
subcommands that enable an administrator to maintain a key table. A remote interface
allows users and administrators to maintain key tables on remote machines through the
dcecp keytab verbs. A subset of local operations is also available though this interface.
These subcommands call the key management API, which consists of several calls with
the prefix sec_key_.
22.7.6 Interfaces to the ID Map Facility
There are no user interfaces to the ID map facility. The API to this facility consists of
calls that are prefixed wht sec_id_. These routines map a global principal or group name
into a cell name and a cell-relative principal or group name, and generate a global
principal or group name from a cell name and a cell-relative principal or group name.
This API also converts between the internal (UUID) representation of a name and the
human-readable string.
124245 Tandem Computers Incorporated 22−9