OSF DCE Application Development Guide--Core Components

Chapter 30. The Key Management API
Every principal has an entry in the registry database that specifies a secret key. In the
case of an interactive principal (that is, a user), the secret key is derived from the
principal’s password. Just as users need to keep their passwords secure by memorizing
them (rather than writing them down, for example), a noninteractive principal also needs
to be able to store and retrieve its secret key in a secure manner. The key management
API provides simple key management functions for noninteractive principals.
While the key management routines themselves are relatively secure, it is up to the
application to ensure the security of the file or other device used to store the key: a
stored key is only as safe as whatever protects that file. By default, server principals that
run on the same computer share a local key file, so any server that can read that file can
read the other servers' keys as well; for this reason the key management API also allows
principals to specify an alternative local file.
When users change their passwords, they are free to forget their old passwords. When a
noninteractive principal changes its secret key, however, there may be clients with valid
tickets to that principal that are encoded with the old key. To save clients the trouble of
having to request new tickets to a noninteractive principal when the principal’s key has
changed, every key is flagged with a version number, and old key versions are retained
until all tickets that could have been encoded with that key have expired.
Finally, if a noninteractive principal’s key has been compromised, it may be invalidated
(along with all the corresponding tickets held by any clients) by simply deleting it from
the local key storage.
Note: The key management API is for use only by applications using the DCE
shared-secret authentication protocol and the key-type DES.
30.1 Retrieving a Key
The key management API provides two functions for retrieving a key from the local key
storage. The sec_key_mgmt_get_key( ) function returns a specified key version for a
specified principal. The meaning of specifying version 0 (zero) in this routine may vary
depending on the authentication protocol in effect. (If the protocol is DCE shared-secret,
the value 0 for the version identifier means the version that was most recently added to
the local storage.) In any case, a principal’s login is almost always successful if the
principal uses the version 0 key.
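The following is an added example, written for this guide and not code from the DCE key management library; it makes no DCE calls. It is a small in-memory model of a local key store that follows the rules stated above for key versions (a new version supersedes the old one, the old one is retained until every ticket it could have sealed has expired, and a compromised version is invalidated by deleting it) and for retrieval (version 0 selects the most recently added key). The km_* names, the KM_MAX_TICKET_LIFE value, the status codes and the fixed-size table are all assumptions made for the illustration; a real server would call sec_key_mgmt_get_key( ) instead.

```c
/* Added example, not DCE library code: an in-memory model of a local key
 * store that follows the versioning rules described above. The km_* names,
 * KM_MAX_TICKET_LIFE and the fixed-size table are all assumptions. */
#include <string.h>
#include <time.h>

#define KM_MAX_ENTRIES     16
#define KM_KEY_LEN          8        /* a DES key is 8 bytes */
#define KM_MAX_TICKET_LIFE 36000L    /* assumed maximum ticket lifetime, in seconds */

enum { KM_OK = 0, KM_NOT_FOUND = 1, KM_FULL = 2 };   /* stands in for a status code */

struct km_entry {
    int           in_use;
    char          principal[64];
    unsigned      vno;               /* key version number, 1 and up */
    unsigned char key[KM_KEY_LEN];
    time_t        replaced_at;       /* 0 while current; else when a newer version was added */
};
struct km_store { struct km_entry e[KM_MAX_ENTRIES]; };

static void km_init(struct km_store *ks) { memset(ks, 0, sizeof *ks); }

/* Index of principal's key with version vno, or -1. Version 0 selects the
 * most recently added version, as it does under the shared-secret protocol. */
static int km_find(const struct km_store *ks, const char *principal, unsigned vno)
{
    int best = -1;
    for (int i = 0; i < KM_MAX_ENTRIES; i++) {
        const struct km_entry *e = &ks->e[i];
        if (!e->in_use || strcmp(e->principal, principal) != 0) continue;
        if (vno == 0 ? (best < 0 || e->vno > ks->e[best].vno) : e->vno == vno)
            best = i;
    }
    return best;
}

/* Store a new key. The superseded version is kept, stamped with the time it
 * was replaced, so tickets sealed with it stay decryptable until they could
 * have expired. Reports the version number assigned. */
static int km_add_key(struct km_store *ks, const char *principal,
                      const unsigned char key[KM_KEY_LEN], time_t now, unsigned *vno_out)
{
    int cur = km_find(ks, principal, 0);
    unsigned vno = cur < 0 ? 1 : ks->e[cur].vno + 1;
    for (int i = 0; i < KM_MAX_ENTRIES; i++) {
        struct km_entry *n = &ks->e[i];
        if (n->in_use) continue;
        n->in_use = 1;
        strncpy(n->principal, principal, sizeof n->principal - 1);
        n->principal[sizeof n->principal - 1] = '\0';
        n->vno = vno;
        memcpy(n->key, key, KM_KEY_LEN);
        n->replaced_at = 0;
        if (cur >= 0) ks->e[cur].replaced_at = now;
        if (vno_out) *vno_out = vno;
        return KM_OK;
    }
    return KM_FULL;
}

/* Model of get_key: copies the key out and reports which version was used,
 * so a server knows which version sealed the tickets it accepts or issues. */
static int km_get_key(const struct km_store *ks, const char *principal, unsigned vno,
                      unsigned char key_out[KM_KEY_LEN], unsigned *vno_out)
{
    int i = km_find(ks, principal, vno);
    if (i < 0) return KM_NOT_FOUND;
    memcpy(key_out, ks->e[i].key, KM_KEY_LEN);
    if (vno_out) *vno_out = ks->e[i].vno;
    return KM_OK;
}

/* Compromise response: drop one version at once. Tickets sealed with it can
 * no longer be decrypted by this server. */
static int km_delete_key(struct km_store *ks, const char *principal, unsigned vno)
{
    int i = km_find(ks, principal, vno);
    if (i < 0) return KM_NOT_FOUND;
    memset(&ks->e[i], 0, sizeof ks->e[i]);   /* also scrubs the key bytes */
    return KM_OK;
}

/* Retire superseded versions once every ticket that could have been sealed
 * with them has expired. Returns how many versions were removed. */
static int km_garbage_collect(struct km_store *ks, time_t now)
{
    int removed = 0;
    for (int i = 0; i < KM_MAX_ENTRIES; i++) {
        struct km_entry *e = &ks->e[i];
        if (e->in_use && e->replaced_at != 0 && now - e->replaced_at >= KM_MAX_TICKET_LIFE) {
            memset(e, 0, sizeof *e);
            removed++;
        }
    }
    return removed;
}
```

A typical sequence through this model: km_add_key( ) stores version 1, and km_get_key( ) with version 0 returns it; a second km_add_key( ) stores version 2, after which version 0 returns the new key while an explicit request for version 1 still succeeds, so tickets sealed under the old key remain usable; once KM_MAX_TICKET_LIFE has elapsed since the change, km_garbage_collect( ) retires version 1 and that request fails; km_delete_key( ) removes a version immediately regardless of age, which is the compromise case described above.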
124245 Tandem Computers Incorporated 301