OSF DCE Application Development Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series

531

532

533

534

535

536

537

538

539

540

DCE Security Service

Figure 23-2. Client Acquires Ticket-Granting Ticket Using Third-Party Protocol

password

Privilege Service

Registry Service

Authentication Service

API layer

sec_login_setup_

identity(principalname..

sec_login_valid_and

cert_ident(password..

User Interface

Legend:

conversation key 1

mtgt host machine TGTmachine session key

request TGT for client

corresponding to

principalname

mtgt

user’s secret key

conversation key 2

mtgt

TGT

client’s TGT

rpc

if status=OK, then get PTGT

from PS (Privilege Service)

Security runtime

Security Server

Client Principal

mtgt

TS timestamp

secval Process

TGT

TGTTGT

TGT

PS conversation key

mtgt

23−8 Tandem Computers Incorporated 124245