OSF DCE Application Development Guide--Core Components

The Extended Attribute API
28.1.3.4 The Intercell Action Field
The intercell action field of the schema entry specifies the action that should be taken by
the privilege server when reading attributes from a foreign cell. This field can contain
one of three values:
sec_attr_intercell_act_accept
    To accept the foreign attribute instance
sec_attr_intercell_act_reject
    To reject the foreign attribute instance
sec_attr_intercell_act_evaluate
    To call a remote trigger server to determine how the attribute instance should be
    handled
When the privilege server generates a PTGT for a foreign principal, it retrieves the list of
attributes from the foreign principal’s EPAC.
These attribute instances may be attached to the principal object itself or to
the group or organization object associated with the principal object.
The privilege server then checks the local attribute schema for attribute types with
UUIDs that match the UUIDs of the attribute instances from the foreign cell that are
contained in the EPAC. At this point, the privilege server takes one of the following two
actions:
1. If the privilege server cannot find a matching attribute type in the local attribute
   schema, it checks the unknown_intercell_action attribute on the policy object. If
   the unknown_intercell_action attribute is set to
   - sec_attr_intercell_act_accept, the foreign attribute instance is retained and
     included in the EPAC generated for the object by the privilege server.
   - sec_attr_intercell_act_reject, the foreign attribute is discarded.
Note: The unknown_intercell_action attribute must be created by the
system administrator and attached to the policy object. The attribute
type, which takes the same values as the intercell_action field, has
the following characteristics:
Name: unknown_intercell_action
Attribute UUID: 171e0ef2c-d12e-11cc-bb7b-080009353559
Encoding: sec_attr_encoding_integer
ACL manager set: policy_acl_mgr
Unique: false
Multivalued: false
Reserved: true
Comment text: Flag indicating whether to accept or reject foreign
124245 Tandem Computers Incorporated 287
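
The decision described in this section, written out in C as an added example (it is not code from this guide or from DCE). The enum, struct and function names and the sample UUIDs are hypothetical stand-ins. For a matched type the example returns the schema entry's intercell action field directly and models no further checks, and it assumes that a missing unknown_intercell_action attribute, or any value other than accept, discards an unknown attribute.

```c
#include <stddef.h>
#include <string.h>

/* Local stand-ins for the three intercell action values (hypothetical enum;
 * real code would use the sec_attr_intercell_act_* constants from DCE). */
typedef enum { ACT_ACCEPT, ACT_REJECT, ACT_EVALUATE } action_t;
typedef enum { KEEP_IN_EPAC, DISCARD, ASK_TRIGGER_SERVER } outcome_t;
typedef struct { const char *uuid; action_t intercell_action; } schema_entry_t;

/* Constructed sample schema; the UUIDs are placeholders, not real DCE types. */
const schema_entry_t SAMPLE_SCHEMA[] = {
    { "00000000-0000-0000-0000-00000000000a", ACT_ACCEPT   },
    { "00000000-0000-0000-0000-00000000000b", ACT_REJECT   },
    { "00000000-0000-0000-0000-00000000000c", ACT_EVALUATE },
};
const size_t SAMPLE_SCHEMA_LEN = sizeof SAMPLE_SCHEMA / sizeof SAMPLE_SCHEMA[0];
const char *const UNKNOWN_UUID = "00000000-0000-0000-0000-0000000000ff";
const action_t POLICY_ACCEPT = ACT_ACCEPT, POLICY_REJECT = ACT_REJECT;

/* Find the local attribute type whose UUID matches; NULL when none does. */
static const schema_entry_t *schema_find(const schema_entry_t *s, size_t n, const char *uuid)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(s[i].uuid, uuid) == 0)
            return &s[i];
    return NULL;
}

/* unknown_policy points at the value of unknown_intercell_action on the
 * policy object, or is NULL when that attribute was never attached.
 * Assumption of this example: NULL, or any value other than accept,
 * discards the unknown attribute (fail closed). */
outcome_t decide(const schema_entry_t *s, size_t n, const char *uuid, const action_t *unknown_policy)
{
    const schema_entry_t *e = schema_find(s, n, uuid);
    if (e == NULL)  /* no matching type: consult the policy object */
        return (unknown_policy && *unknown_policy == ACT_ACCEPT) ? KEEP_IN_EPAC : DISCARD;
    switch (e->intercell_action) {  /* matching type: use its schema field */
    case ACT_ACCEPT:   return KEEP_IN_EPAC;
    case ACT_EVALUATE: return ASK_TRIGGER_SERVER;
    default:           return DISCARD;
    }
}

int main(void)
{
    /* With no policy attribute attached, an unknown foreign type is dropped. */
    return decide(SAMPLE_SCHEMA, SAMPLE_SCHEMA_LEN, UNKNOWN_UUID, NULL) == DISCARD ? 0 : 1;
}
```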