OSF DCE Application Development Guide--Core Components
OSF DCE Application Development Guide—Core Components
Since the security namespace is rooted in the CDS namespace, security names have
equivalent CDS names. Thus, for example, an entry for a principal in the registry
database has the first of the following forms in the security namespace and the second of
the following forms in the CDS namespace:
/.../ cell_name/principal_name
/.../cell_name/security_mount_point/principal/principal_name
Note: The security ‘‘mount point’’ (security_mount_point as shown in the
preceding syntax) is determined when DCE is configured. Therefore, the
name may differ at individual sites.
There is no ambiguity about the security namespace to which a name refers because
security names are always used in contexts that identify the namespace in question. For
example, logging into DCE requires a principal name to be supplied.
However, an ACL is an object that is referenced not directly, but by the name of the
object it protects. Since protected objects are not always security objects (and therefore
may be registered only in the CDS namespace), ACL management interfaces always take
CDS names rather than security names as input, whether or not it is the ACL of a
security object (such as a registry database entry) that is being read or modified.
22 − 12 Tandem Computers Incorporated 124245