OSF DCE Application Development Guide--Core Components

DCE Security Service
Figure 23-3. Client Acquires Ticket-Granting Ticket Using the DCE1.0 Protocol
[Figure not reproduced. Components shown: the login prompt (principalname, password) at the user interface; sec_login_setup_identity(principalname...) and sec_login_valid_and_cert_ident(passwd...) at the API layer; the client Security runtime; and the Security Server (Authentication Service, Registry Service, Privilege Service), reached by RPC. Legend: Client Principal; conversation key 1; client principal’s secret key; Authentication Service’s secret key; encrypted with conversation key 1; encrypted with client principal’s secret key; encrypted with Authentication Service’s secret key.]
The DCE1.0 protocol proceeds as follows (refer to Figure 23-3 as you read the following
steps):
1. The user logs in, entering the correct username. The login tool invokes
sec_login_setup_identity(), which takes the user’s principal name as one of its
arguments. This call causes the client Security runtime to request a Ticket-Granting
Ticket (TGT) and passes the user’s name (represented as a UUID) to the
Authentication Service. A TGT enables a principal to be granted a ticket to a
2312 Tandem Computers Incorporated 124245