OSF DCE Application Development Guide--Core Components
The Extended Privilege Attribute API
• sec_cred_get_req_restrictions()
Returns required restrictions
• sec_cred_get_tgt_restrictions( )
Returns target restrictions
• sec_cred_get_v1_pac( )
Returns pre-Version 1.1 privilege attributes
• sec_cred_is_authenticated()
Returns TRUE if the caller’s privilege attributes are authenticated or FALSE
otherwise
The sec_login_cred_*()calls are used by clients that are part of a delegation chain. The
calls and the information they return are as follows:
• sec_login_cred_get_delegate()
Returns the privilege attributes of a delegate in a delegation chain.
• sec_login_cred_get_initiator()
Returns the privilege attributes of the initiator of a delegation chain
The sec_cred_*() and sec_login_*() calls discussed in this chapter return information
about authenticated principals associated with an opaque credential handle supplied to
the call. Two credential handles are used:
• sec_login_handle_t (returned by a client-side sec_login_get_current_context()
call)
• rpc_authz_cred_handle_t (returned by a server-side rpc_inq_auth_caller( ) call)
These are handles to all the credentials in a delegation chain. The sec_login_cred_get_-
initiator( ), sec_login_cred_get_delegate(), sec_cred_get_initiator(), and sec_cred_-
get_delegate() calls return a handle of type sec_cred_pa_handle_t, which is a handle to
the extended privilege attributes of a particular identity in a delegation chain. The other
sec_cred_*() and sec_login_*() calls discussed in this chapter take the sec_cred_pa_-
handle_t handle and return the requested information for the particular identity.
26.4 Disabling Delegation
The login API sec_login_disable_delegation() call disables delegation for a specified
login context. It returns a new login context of type sec_login_handle_t without any
delegation information and prevents any further delegation.
124245 Tandem Computers Incorporated 26−9