DCE_SECURITY, API Intro
*Conan The Librarian (sorry for the slow response - running on an old VAX)
|
/sys$common/syshlp/helplib.hlb DCE_SECURITY, API Intro *Conan The Librarian (sorry for the slow response - running on an old VAX) |
|
NAME
sec_intro - Application Program Interface to the DCE Security Service
DESCRIPTION
The Distributed Computing Environment (DCE) Security Service Application
Program Interface (API) allows developers to create network services with
complete access to all the authentication and authorization capabilities
of DCE Security Service and facilities.
The transaction of a network service generally consists of a client
process requesting some action from a server process. The client may
itself be a server, or a user, and the server may also be a client of
other servers. Before the targeted server executes the specified action,
it must be sure of the client's identity, and it must know whether the
client is authorized to request the service.
The Security Service API consists of the following sets of Remote
Procedure Calls (RPCs) used to communicate with various security-
related services and facilities:
+ rgy - Maintains the network registry of principal identities.
+ era - Maintains extended registry attributes.
+ login - Validates a principal's network identity and establish
delegated identities.
+ epa - Extracts privilege attributes from an opaque binding handle.
+ acl - Implements an Access Control List (ACL) protocol for the
authorization of a principal to network access and services.
+ key - Provides facilities for the maintenance of account keys for
daemon principals.
+ id - Maps file system names to Universal Unique IDs (UUIDs).
+ pwd_mgmt - Provides facilities for password management.
All the calls in this API have names beginning with the sec_ prefix.
These are the same calls used by various user-level tools provided as
part of the DCE. For example, the sec_create_db tool is written with
sec_rgy calls, acl_edit is written with sec_acl calls, and the login
program, with which a user logs in to a DCE system, is written using
sec_login calls. Most sites will find the user-level tools adequate
for their needs, and only must use the Security Service API to
customize or replace the functionality of these tools.
Though most of the calls in the Security Service API represent RPC
transactions, code has been provided on the client side to handle much
of the overhead involved with making remote calls. These "stubs" handle
binding to the requested security server site, the marshalling of data
into whatever form is needed for transmission, and other bookkeeping
involved with these remote calls. An application programmer can use
the Security Service interfaces as if they were composed of simple C
functions.
This reference page introduces each of the following APIs:
+ Registry APIs
+ Login APIs
+ Extended Privilege Attributes APIs
+ Extended Registry Attributes APIs
+ ACL APIs
+ Key Management APIs
+ ID Mapping APIs
+ Password Management APIs
The section for each API is organized as follows:
+ Synopsis
+ Data Types
+ Constants
+ Files
Additional Information (explode) :
|
|
