OSF DCE Application Development Guide--Core Components
Authentication
replicas) defines a separate cell.
From the perspective of security only, a cell is also known as a "realm." We mention
this because the term "realm" is more familiar to some readers than is the term "cell."
A security cell is always configured to coincide with a corresponding CDS cell, and
perhaps a Distributed File System (DFS) cell as well. DCE documentation refers to such a
collective configuration of services as a "cell."
23.1.3 The Shared-Secret Authentication Protocol
Authenticated RPC and GSSAPI enable you to specify the authentication protocol to be
used in authenticating principals. Authentication protocols other than DCE
Shared-Secret Authentication may or may not be supported.
DCE Shared-Secret Authentication implements an extended version of the Kerberos
Version 5 system as its authentication protocol. The Kerberos system was developed at
the Massachusetts Institute of Technology as part of Project Athena, and provides a
trustworthy, shared-secret authentication system. The walkthrough of the authentication
protocol in this chapter describes the protocol in general terms.
23.1.4 Protection Levels
Protection levels specify how much of the information in network messages exchanged
by principals is encrypted. As a rule, the higher the protection level, the greater the
negative impact on performance. An application can set a protection level using either
Authenticated RPC or GSSAPI.
23.1.4.1 Authenticated RPC and Protection Levels
The Authenticated RPC facility provides several levels of protection so that applications
can control tradeoffs between security and performance. Following is a summary of
some of the protection levels that an application using Authenticated RPC may specify:
• Connect Level: Performs authentication only when a client and server establish a
relationship
• Call Level: Attaches a verifier to each client call and server response
• Packet-Integrity Level: Ensures that none of the data transferred between two
principals has been modified in transit
• Packet-Privacy Level: Incorporates lesser protection levels and in addition encrypts
all RPC argument values
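The following added example is not code from the DCE guide and does not reproduce the DCE wire protocol; it is a simplified Python model of the four levels listed above, showing which of them detect data modified in transit. The names `Level`, `protect` and `receive`, the HMAC-SHA256 verifier, the toy keystream cipher, the constructed key and arguments, and the assumption that the call-level verifier covers only the call header are all illustrative.

```python
import hashlib
import hmac
from enum import IntEnum

class Level(IntEnum):  # constructed names; order follows the list above
    CONNECT = 1
    CALL = 2
    PKT_INTEGRITY = 3
    PKT_PRIVACY = 4

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key: bytes, seq: int, data: bytes) -> bytes:
    # Toy keystream (HMAC-SHA256 in counter mode) standing in for a real cipher.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = _mac(key, b"enc" + seq.to_bytes(8, "big") + off.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def _verifier(level: Level, key: bytes, seq: int, body: bytes) -> bytes:
    header = seq.to_bytes(8, "big")
    if level >= Level.PKT_INTEGRITY:
        return _mac(key, b"pkt" + header + body)  # covers the transferred data
    if level == Level.CALL:
        return _mac(key, b"call" + header)        # assumption: header only
    return b""                                    # CONNECT: nothing per call

def protect(level: Level, key: bytes, seq: int, args: bytes):
    """Sender: return (body_on_wire, verifier) for one call."""
    body = _xor_stream(key, seq, args) if level == Level.PKT_PRIVACY else args
    return body, _verifier(level, key, seq, body)

def receive(level: Level, key: bytes, seq: int, body: bytes, verifier: bytes):
    """Receiver: return the argument bytes, or None if the verifier is wrong."""
    if not hmac.compare_digest(verifier, _verifier(level, key, seq, body)):
        return None
    return _xor_stream(key, seq, body) if level == Level.PKT_PRIVACY else body

def modified_in_transit_accepted(level: Level) -> bool:
    """Flip one bit of the body in transit; True if the receiver still accepts it."""
    key, args = b"constructed-session-key", b"transfer amount=100"
    body, verifier = protect(level, key, 7, args)
    changed = bytes([body[0] ^ 1]) + body[1:]
    return receive(level, key, 7, changed, verifier) is not None

if __name__ == "__main__":
    print({lvl.name: modified_in_transit_accepted(lvl) for lvl in Level})
```

In this model only the packet-integrity and packet-privacy levels reject the altered body, and only packet-privacy keeps the argument bytes off the wire in clear.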
124245 Tandem Computers Incorporated 23−3