OSF DCE Application Development Guide--Core Components
Authentication
23.2 A Walkthrough of the Shared-Secret Authentication Protocol
This section presents a 2-part walkthrough of the Shared-Secret Authentication protocol:
• Section 23.2.1, "A Walkthrough of User Authentication," explains what happens when a user logs in using the default DCE login tool.
• Section 23.2.2, "A Walkthrough of DCE Application Authentication Using Authenticated RPC," explains what happens when the logged-in user runs an application that uses authenticated RPC.
• Section 23.2.3, "A Walkthrough of DCE Application Authentication Using GSSAPI," explains what happens when the logged-in user runs an application that uses GSSAPI.
The walkthrough is seen primarily from the user and the associated application-client
side. Schematic representations of events related to the protocol accompany the
discussions. The illustrations in this chapter do not show what literally happens when a
user logs in and runs an authenticated application; they are intended only to provide a
general understanding of the protocol.
In these illustrations, fill patterns represent encryption key values and encrypted data.
When the key symbol appears in a box, it indicates a key is being passed as data. When
the key symbol appears on a line, it indicates that encryption or decryption is taking
place, depending on whether the resulting data is represented as encrypted or not (see the
following figure).
Figure 23-1. Representational Conventions Used in Authentication Walkthrough Illustrations
[Figure legend: symbols for various encryption keys; data encrypted with various encryption keys; an encryption key being passed as data; data being encrypted; data being decrypted]
Note: All computer-to-computer communications initiated by DCE Security are
processed through the Remote Procedure Call mechanism, although client
and server RPC runtimes are not illustrated.
Finally, note that it is unnecessary to understand the Shared-Secret protocol in order to
use it. We have described it here so that application developers who may be uncertain
about whether it is sufficiently secure for their needs can decide whether it is or not. If
you already know that it is adequate for your needs (or are simply uninterested), go on to
124245 Tandem Computers Incorporated 23−5