OSF DCE Application Development Guide--Core Components
Overview of Security
[Figure labels: Applications; Default DCE Security tools; Security API; RPC API; GSSAPI; Local OS security APIs; Security and RPC runtime libraries; Local operating system; Remote client or server; RPC or Peer to Peer]
22.9 DTS, the Cell Namespace, and Security
The following subsections discuss the dependencies of DCE security on the Distributed
Time Service (DTS), and the relationship between the security namespace and the Cell
Directory Service (CDS) namespace. For information about how DCE components such
as CDS use features of DCE security, refer to the documentation on the component of
interest (for example, the section of the on CDS).
22.9.1 DTS and Security
The DCE Security Service depends on a relatively close synchronization of network
clocks, a service provided by DTS. When network clocks become too skewed,
unexpired tickets to services may be regarded as invalid, and/or expired tickets
considered valid. Excessive skewing can inconvenience users and introduce
opportunities for security breaches; in the latter case, administrative intervention is
required.
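The two failure modes above, shown as an added example (not code from the guide or from DCE): it compares the decision of a synchronized verifier with that of a verifier whose clock is skewed. The ticket times, the 300-second tolerance, and all type and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <time.h>

/* Assumed tolerance: the guide gives no figure for acceptable skew. */
#define MAX_SKEW_SECS 300

typedef struct {
    time_t start;   /* ticket becomes valid */
    time_t expire;  /* ticket stops being valid */
} ticket_t;

typedef enum { SKEW_HARMLESS, SKEW_WRONGLY_REJECTS, SKEW_WRONGLY_ACCEPTS } skew_effect_t;

/* Constructed sample: a ticket with a ten-hour lifetime. */
static const ticket_t SAMPLE = { 1000000, 1000000 + 36000 };

/* A verifier can only compare the ticket against its own clock. */
static int accepts(const ticket_t *t, time_t local_now)
{
    return local_now + MAX_SKEW_SECS >= t->start &&
           local_now - MAX_SKEW_SECS <= t->expire;
}

/* Compare a synchronized verifier with one whose clock is off by skew_secs. */
skew_effect_t skew_effect(const ticket_t *t, time_t true_now, long skew_secs)
{
    int synced = accepts(t, true_now);
    int skewed = accepts(t, true_now + skew_secs);
    if (synced == skewed)
        return SKEW_HARMLESS;
    return skewed ? SKEW_WRONGLY_ACCEPTS : SKEW_WRONGLY_REJECTS;
}

int main(void)
{
    static const char *label[] = { "harmless", "valid ticket rejected",
                                   "invalid ticket accepted" };
    time_t mid_life = SAMPLE.start + 18000;   /* ticket still has 5 h left */
    time_t stale    = SAMPLE.expire + 3600;   /* ticket expired 1 h ago */

    printf("+2 min, mid-life: %s\n", label[skew_effect(&SAMPLE, mid_life, 120)]);
    printf("+6 h,   mid-life: %s\n", label[skew_effect(&SAMPLE, mid_life, 21600)]);
    printf("-2 h,   stale:    %s\n", label[skew_effect(&SAMPLE, stale, -7200)]);
    return 0;
}
```

A clock running fast causes rejection of a ticket that is still valid; a clock running slow causes acceptance of one that has already expired, which is the case that needs administrative attention.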
22.9.2 The Cell Namespace and the Security Namespace
The registry database maintains three security namespaces: the principal, group, and
organization (PGO) namespaces. These namespaces are distinct from the cell
namespace maintained by CDS. Security names take the following form:
/.../cell_name/pgo_name
CDS names take the following form:
/.../cell_name/pathname/object_name
124245 Tandem Computers Incorporated 22-11