OSF DCE Application Development Guide--Core Components
Authentication
7. The Security runtime receives the client’s request, and learns from the header
that the request is authenticated.
Figure 23-6. Client Principal Makes Application Request
[Figure not reproduced. Components shown: the Client Principal (application user interface, API, Security runtime, RPC), the Security Server (Registry Service, Authentication Service, Privilege Service), and the Application Server. Flow labels: user action; get ticket to application server; if status = OK, then encrypt app request; app_request(). Items carried: PTGT, EPAC, Seal. Legend: Authentication Service’s secret key, conversation key 3, conversation key 4, and Application Server’s secret key, with items shown as encrypted under each of these keys.]
Note: Refer to Figure 23-7 as you read the following steps.
8. Before fulfilling the client’s request, the Security runtime must learn the
conversation key for communicating with the client, and the client’s
authorization. To begin the challenge to the client’s identity and authorization,
the runtime generates a random number and sends it (in plaintext) to the client.
124245 Tandem Computers Incorporated 23−19