OSF DCE Application Development Guide--Core Components
      {
         sec_login_purge_context(login_context);
         ...application login-failure actions...
      }
      ...application-specific login-valid actions...
   }
}
29.2 Context Inheritance
A process inherits the login context of its parent process unless the child process is
associated with a principal that has logged in and so established a separate login context.
The following subsections describe two additional aspects of context inheritance:
• How the initial context is established.
• How a process may inhibit context inheritance.
29.2.1 The Initial Context
An application invokes sec_login_setup_identity() so that it can then make other
authenticated RPC calls. However, sec_login_setup_identity() is itself a local interface
to an authenticated remote procedure call, and authenticated RPC needs a validated
login context in order to execute. For applications like system login, the daemon dced
supplies the validated context. However, a daemon that is started before dced is running
on the host needs to be able to assume its host’s identity. The initial context is
established at boot time with sec_login_init_first(), which establishes the default
context inheritance for processes running on the host. The routines
sec_login_setup_first() and sec_login_validate_first() then set up and validate the
context in a procedure like that used for user context validation.
29.2.2 Private Contexts
A process may inhibit context inheritance by setting a flag in
sec_login_setup_identity(). If the flag indicates that the login context is private, then
children of the calling process cannot inherit it. A child process can neither set a private
context (since it is the function of sec_login_set_context() to make the context
inheritable) nor export it to any other process.
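The inheritance rules of 29.2 and 29.2.2, worked through as a small C model. This is an added example, not code from the guide or from DCE: every model_* name and the principals are hypothetical, and nothing here calls the sec_login API. It assumes that a private login leaves the context the process inherited in place, which the text does not state.

```c
#include <stdio.h>

/* Model of the rules in 29.2 and 29.2.2. Every name is hypothetical;
 * nothing here is, or calls, the DCE sec_login API. */
typedef struct { const char *principal; int is_private; } model_ctx;

typedef struct {
    const model_ctx *current; /* inheritable context, copied to children */
    const model_ctx *held;    /* private context, this process only */
} model_proc;

/* The role the text gives sec_login_set_context(): make a context
 * inheritable. A private context is refused (returns 0). */
int model_set_context(model_proc *p, const model_ctx *c) {
    if (c == NULL || c->is_private) return 0;
    p->current = c;
    return 1;
}

/* A login becomes the inheritable context unless it is private.
 * Assumption: a private login leaves the inherited context in place. */
void model_login(model_proc *p, const model_ctx *c) {
    if (!model_set_context(p, c)) p->held = c;
}

/* Child creation: only the inheritable context reaches the child. */
model_proc model_spawn(const model_proc *parent) {
    model_proc child = { parent->current, NULL };
    return child;
}

/* Export to another process is refused for a private context. */
const model_ctx *model_export(const model_ctx *c) {
    return (c != NULL && !c->is_private) ? c : NULL;
}

int main(void) {
    /* Constructed principals, for illustration only. */
    model_ctx host = { "host-identity", 0 }, admin = { "admin", 1 };
    model_proc boot = { NULL, NULL };
    model_set_context(&boot, &host);       /* initial context at boot */
    model_proc daemon = model_spawn(&boot);
    model_login(&daemon, &admin);          /* private login */
    model_proc worker = model_spawn(&daemon);
    printf("daemon holds %s, worker inherits %s\n",
           daemon.held->principal, worker.current->principal);
    return 0;
}
```

When reviewing a daemon that forks helpers, the question this model makes concrete is which identity each child ends up with: a privileged login that is not marked private becomes the identity of every descendant.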
29−4 Tandem Computers Incorporated 124245