OSF DCE Application Development Guide--Core Components
Chapter 27. The Registry API
This chapter describes the registry API. Like the other security APIs, this one provides a
simpler binding mechanism than the standard RPC handle structure. It includes facilities
for creating and maintaining the registry database. Applications that run in the default
DCE registry environment (that is, those that assume the presence of the default registry
tools and servers) have no reason to call this API.
27.1 Binding to a Registry Site
Although it is often convenient to speak of the registry database in a way that implies
that it is a single physical database, the registry database is replicated in all but the very
smallest cells. Replication reduces network traffic and increases the availability of
registry data to clients.
A cell’s registry database usually consists of an update site (also known as the master
site), and a number of query sites (also known as read-only, or slave sites). Changes to
data at the master site are propagated to its slaves by messages sent by the master. Query
sites can only satisfy requests for data (for example, sec_rgy_acct_lookup(), which
returns account information). Requests for database changes (for example, sec_rgy_-
acct_passwd( ), which changes the password for an account) must be directed to the
master site; a query site that receives such a request returns an error.
To submit requests to the registry server, a client must first select a site and bind to it.
The client may select a site by name, ask the DCE Directory Service to bind to the
master site, or select an arbitrary site. In addition, a client may select a cell and bind to a
registry site in that cell.
The registry API enables a client to communicate with the registry server via a specified
authentication protocol, at a specified protection level, and using a specified
authorization protocol. For instance, a developer may decide that the protection level for
communicating with an update site should be higher (that is, more secure) than that for a
query site; that is, the developer may feel that, on the one hand, the relatively infrequent
changes to registry data should be done in a highly secure manner and that, on the other
hand, authentication overhead should be reduced for the more frequent requests for
registry data. The registry API accommodates these varying needs.
124245 Tandem Computers Incorporated 27−1