Manualshelf

OSF DCE Application Development Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
521522523524525526527528529530
OSF DCE Application Development Guide—Core Components
22.7.7 Interfaces to the Access Control List Facility
The only user interface to the ACL facility is the dcecp ACL object acl_edit. This tool
edits an object’s ACL, the entries of which specify the permissions to the object that may
be granted to principals possessing specified privilege attributes.
The ACL API consists of routines that are prefixed with sec_acl_. This is the same API
that acl_edit calls, so an ACL editor or browser that is intended to replace acl_edit
would call this API. A different case is that of an application server that needs to store
and retrieve application-specific, access-control information for its clients. Such an
application needs to implement its own ACL manager by using the DCE ACL library.
(Refer to Chapter 31 for more information on ACL managers).
22.7.8 DCE Implementations of UNIX System Program Interfaces
DCE security provides implementations of UNIX system C library interfaces related to
security. These are getpwent() and the related program interfaces to the /etc/passwd
file, and getgrent( ) and the related program interfaces to the /etc/group file.
Applications that bind with libdce.a are bound with the DCE security implementations
of these interfaces.
22.7.9 Interfaces to the Password Management Facility
The user interface to the password management facility is provided by subcommands to
the rgy_edit and dcecp commands. These subcommands enforce password management
policy for principals and enable them to request generated passwords. See the
rgy_edit(8sec) and dcecp(8dce) reference pages and the for information on using these
commands to create and change principal passwords.
The API to the password management facility consists of routines that are prefixed with
sec_pwd_mgmt_. See the appropriate reference pages and Chapter 35 for information
on these routines.
22.8 Relationships Between the DCE Security Service and
DCE Applications
Figure 22-2 is a schematic illustration of the relationships among the interfaces to the
DCE Security Service, and the relationship of security interfaces to DCE applications.
Figure 22-2. DCE Security and the DCE Application Environment
22 10 Tandem Computers Incorporated 124245