OSF DCE Application Development Guide--Core Components

DCE Security Service
2. Since the request for a ticket to the Privilege Service is encrypted under the
conversation key associated with the TGT, the Authentication Service believes
that the identity of the user is authentic; that is, no other principal could have sent
a message so encrypted because no other principal knows the secret key under
which the Authentication Service encrypted that conversation key. Since the user
has proved to the Authentication Service knowledge of the key, the
Authentication Service allows the user to talk to the Privilege Service, and so
prepares a ticket to that service. This ticket contains the identity of the user (and a
second conversation key) encrypted under the secret key of the Privilege Service.
Like the TGT envelope, the envelope containing the ticket to the Privilege
Service also contains the second conversation key, for use in conversing with the
Privilege Service, and is encrypted with the first conversation key.
Note: Beginning with Figure 23-4, the illustrations do not show the
Authentication Service decrypting and reencrypting requests for
tickets, since it knows all of the keys.
3. Upon receipt of the envelope containing the ticket to the Privilege Service, the
Security client runtime decrypts the envelope using the first conversation key,
and in the process learns the second conversation key. The client RPC runtime
sends the Privilege Service ticket to the Privilege Service.
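The two steps above, modelled end to end as an added example that is not part of the OSF DCE guide and not DCE's own code. It assumes a toy symmetric `seal`/`unseal` primitive (a SHA-256 keystream with an HMAC tag standing in for the Kerberos encryption DCE actually uses), constructed key names (`AS_KEY`, `PS_KEY`, `conv_key1`, `conv_key2`) and JSON message layouts; the point it shows is the one the text makes: the Authentication Service only issues the Privilege Service ticket when the request decrypts under the conversation key carried in the TGT, and the resulting envelope lets the client learn the second conversation key while the ticket itself stays opaque to everyone but the Privilege Service.

```python
"""Toy model of steps 2-3 of the DCE Privilege Service ticket exchange.
Constructed for illustration: key names, message layouts and the seal/unseal
primitive are assumptions, not DCE's real Kerberos formats."""
import hashlib
import hmac
import json
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream derived from SHA-256 (stand-in for a real cipher).
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, message: dict) -> bytes:
    """'Encrypt under key': returns nonce || ciphertext || HMAC tag."""
    plaintext = json.dumps(message).encode()
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Reverse of seal; raises ValueError if the key is wrong or the blob was altered."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad key or tampered message")
    ks = _keystream(key, nonce, len(ciphertext))
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, ks)))


# Long-term secret keys (constructed). The Authentication Service knows both.
AS_KEY = os.urandom(32)  # key under which the AS seals TGTs
PS_KEY = os.urandom(32)  # secret key of the Privilege Service, shared with the AS


def issue_tgt(user: str):
    """Earlier step, reduced to its outcome: the client holds conv_key1 and a TGT
    sealed under the AS key that also carries conv_key1."""
    conv_key1 = os.urandom(32)
    tgt = seal(AS_KEY, {"user": user, "conv_key1": conv_key1.hex()})
    return tgt, conv_key1


def client_request_ps_ticket(tgt: bytes, conv_key1: bytes) -> dict:
    """Step 2, client side: the request is encrypted under the TGT's conversation key."""
    return {"tgt": tgt.hex(), "request": seal(conv_key1, {"service": "privilege"}).hex()}


def as_handle_request(msg: dict) -> bytes:
    """Step 2, AS side: recover conv_key1 from the TGT, require that the request
    decrypts under it (proof of key knowledge), then build ticket and envelope."""
    tgt = unseal(AS_KEY, bytes.fromhex(msg["tgt"]))
    conv_key1 = bytes.fromhex(tgt["conv_key1"])
    unseal(conv_key1, bytes.fromhex(msg["request"]))  # raises if sender lacks conv_key1
    conv_key2 = os.urandom(32)
    ticket = seal(PS_KEY, {"user": tgt["user"], "conv_key2": conv_key2.hex()})
    return seal(conv_key1, {"ticket": ticket.hex(), "conv_key2": conv_key2.hex()})


def client_open_envelope(envelope: bytes, conv_key1: bytes):
    """Step 3, client side: open the envelope, learn conv_key2, extract the ticket."""
    inner = unseal(conv_key1, envelope)
    return bytes.fromhex(inner["ticket"]), bytes.fromhex(inner["conv_key2"])


def ps_accept_ticket(ticket: bytes):
    """Step 3, PS side: only the Privilege Service (and the AS) can open the ticket."""
    t = unseal(PS_KEY, ticket)
    return t["user"], bytes.fromhex(t["conv_key2"])


def run_exchange(user: str = "alice"):
    """Full happy path; returns the user the PS sees and whether both ends share conv_key2."""
    tgt, k1 = issue_tgt(user)
    envelope = as_handle_request(client_request_ps_ticket(tgt, k1))
    ticket, k2_client = client_open_envelope(envelope, k1)
    who, k2_ps = ps_accept_ticket(ticket)
    return who, k2_client == k2_ps


def request_without_conv_key_rejected(user: str = "bob") -> bool:
    """Failure mode from the text: a sender holding the TGT but not conv_key1
    cannot produce a request the AS accepts."""
    tgt, _k1 = issue_tgt(user)
    try:
        as_handle_request(client_request_ps_ticket(tgt, os.urandom(32)))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_exchange())                        # ('alice', True)
    print(request_without_conv_key_rejected())   # True
```

The check in `as_handle_request` is the whole of step 2's security argument: the AS never learns anything from the request itself beyond the fact that it unseals under `conv_key1`, and that key was only ever handed out inside a TGT envelope sealed with the user's own secret key. Note also that `ps_accept_ticket` never touches `conv_key1`; the Privilege Service shares a key only with the AS, which is why the ticket and the envelope have to be sealed under different keys.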
2314 Tandem Computers Incorporated 124245