OSF DCE Application Development Guide--Core Components

DCE Security Service
Figure 23-5. Client Sets Authentication and Authorization Information

[Figure 23-5 labels: Client Principal; User interface (start application); API layer; RPC; CDS Server; binding handle to application server. Calls shown: rpc_ns_binding_import_begin(), rpc_ns_binding_import_next(), then "If status = OK, then set auth info": rpc_binding_set_auth_info(binding, server_princ_name, authn_svc, protect_level, authz_svc), annotated "(Applies the specified authentication protocol, protection level, and authorization protocol to the binding service)".]

Note: Refer to Figure 23-6 as you read the following steps.
4. The client now requests some operation to be performed by the server. The client
RPC runtime determines the binding handle that corresponds to the remote
interface that can perform the operation, and requests a ticket to the principal that
supports that interface. To acquire the ticket, the Security runtime encloses the
PTGT, along with the principal name of the application server, in an envelope
encrypted under the third conversation key. The client sends the envelope to the
Authentication Service.
5. The Authentication Service uses the application server’s secret key to reencrypt
the authentication information and a fourth conversation key. The ticket to the
application server is in turn encrypted with the third conversation key in an
envelope that also includes the fourth conversation key. The Authentication
Service returns the envelope to the client’s Security runtime.
6. The Security runtime decrypts the envelope using the third conversation key, in
the process learning the fourth conversation key. The Security runtime then uses
the fourth conversation key to encrypt the application request to the server, and
the client RPC runtime sends the application request to the server.
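
The exchange in steps 4 through 6, modelled as an added example (not code from this guide or from DCE itself). The SHA-256/HMAC envelope is a toy stand-in for the real cipher, and the principal name and PTGT string are constructed. Two things are assumed rather than stated on this page: the Authentication Service already holds the third conversation key, and the ticket travels to the server with the request.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); NOT the cipher DCE uses.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Envelope = nonce || ciphertext || HMAC tag, all under one key."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(key, env):
    raw = bytes.fromhex(env)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("envelope was not sealed under this key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def client_ticket_request(k3, ptgt, server_princ):        # step 4
    return seal(k3, {"ptgt": ptgt, "server": server_princ})

def auth_service_reply(k3, server_keys, request_env):     # step 5
    req = unseal(k3, request_env)
    k4 = os.urandom(16).hex()                             # fourth conversation key
    # Ticket is sealed under the server's secret key: the client cannot read it.
    ticket = seal(server_keys[req["server"]], {"auth_info": req["ptgt"], "k4": k4})
    return seal(k3, {"ticket": ticket, "k4": k4})

def client_app_request(k3, reply_env, payload):           # step 6
    reply = unseal(k3, reply_env)                         # client learns k4 here
    k4 = bytes.fromhex(reply["k4"])
    return {"ticket": reply["ticket"], "request": seal(k4, payload)}

def server_receive(server_key, msg):   # assumption: ticket accompanies the request
    ticket = unseal(server_key, msg["ticket"])
    return ticket["auth_info"], unseal(bytes.fromhex(ticket["k4"]), msg["request"])

def run_exchange():
    k3, srv_key = os.urandom(16), os.urandom(16)          # constructed sample keys
    keys = {"/.:/apps/payroll_server": srv_key}           # hypothetical principal
    req = client_ticket_request(k3, "PTGT-for-alice", "/.:/apps/payroll_server")
    reply = auth_service_reply(k3, keys, req)
    return client_app_request(k3, reply, {"op": "get_balance"}), srv_key, k3
```

The client holds the ticket only as an opaque blob: unsealing it with the third conversation key raises `ValueError`, while the server recovers the fourth conversation key from it with its own secret key.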
2318 Tandem Computers Incorporated 124245