OSF DCE Application Development Guide--Core Components

DCE Security Service

12. The client runtime receives and decrypts the response, and returns data to the

application interface through the API.

Figure 23-8. Application Server Responds to Client’s Request

Client Principal

Security runtime

conversation key 4 encrypted with conversation key 4

Application Server

Application

User Interface

API

RPC

Legend:

app_request()

svr_response()

If client is authorized for

app request, then perform

operation

svr_response()

The application server and client can continue to use the fourth conversation key

indeﬁnitely for subsequent conversations. If the server receives an application request

after discarding the conversation key, which it may do if it has not heard from client

for some time, then the server challenges the client to learn the key (see Figure 23-7).

If the client’s ticket to the application server expires, it must acquire a new one (see

Figure 23-6), and so on. If the client wishes to talk to a new service, it must acquire a

ticket to that service (see Figure 23-6).

Note: The illustrations in the walkthrough show the authentication protocol in

the context of a datagram-based network communications protocol. In

the case of a connection-oriented protocol, the client sends both the

23−22 Tandem Computers Incorporated 124245