Manualshelf

OSF DCE Application Development Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
581582583584585586587588589590
Chapter 28. The Extended Attribute API
This chapter describes the extended attribute APIs. There are two extended attribute
APIs: the extended registry attribute (ERA) interface to create attributes in the registry
database and the DCE attribute interface to create attributes in a database of your choice.
The ERA interface (consisting of sec_attr_*()calls) provides facilities for extending the
registry database by creating, maintaining, and viewing attribute types and instances, and
providing information to and receiving it from outside attribute servers known as
attribute triggers. It is the preferred API for security schema and attribute
manipulations. Application servers that manage legacy security attributes or provide
third-party processing of attributes stored in the registry database can export and
implement the sec_attr( ) interface. Trigger servers are accessed through the
sec_attr_trig() interface by the security client agent during certain sec_rgy_attr_*()
calls. The ERA interface uses the same binding mechanism as the registry API,
described in Chapter 27.
The DCE attribute interface (consisting of dce_attr_sch_*() calls) is provided for
schema and attribute manipulation of data repositories other than the registry. Although
similar to the ERA interface, the functionality of the DCE attribute interface is limited to
creating schema entries (attribute types). The interface does not provide calls to create
and manipulate attribute instances or to access trigger servers.
The chapter first describes the ERA interface and then the DCE attribute interface.
Finally is describes macros and utilities provided for developers who use either attribute
API.
28.1 The ERA API
The registry is a repository for principal, group, organization, and account data. It stores
the network privilege attributes used by DCE and account data used by local operating
systems. This local account data, however, is appropriate only for UNIX operating
systems. The ERA facility provides a mechanism for extending the registry schema to
include data (attributes) required by or useful to operating systems other than UNIX
operating systems.
124245 Tandem Computers Incorporated 281