VMS Help
DCE_SECURITY, API Intro

 *Conan The Librarian (sorry for the slow response - running on an old VAX)

 NAME

   sec_intro - Application Program Interface to the DCE Security Service

 DESCRIPTION

   The Distributed Computing Environment (DCE) Security Service Application
   Program Interface (API) allows developers to create network services with
   complete access to all the authentication and authorization capabilities
   of DCE Security Service and facilities.

   The transaction of a network service generally consists of a client
   process requesting some action from a server process. The client may
   itself be a server, or a user, and the server may also be a client of
   other servers.  Before the targeted server executes the specified action,
   it must be sure of the client's identity, and it must know whether the
   client is authorized to request the service.

   The Security Service API consists of the following sets of Remote
   Procedure Calls (RPCs) used to communicate with various security-
   related services and facilities:

     +  rgy - Maintains the network registry of principal identities.

     +  era - Maintains extended registry attributes.

     +  login - Validates a principal's network identity and establish
                delegated identities.

     +  epa - Extracts privilege attributes from an opaque binding handle.

     +  acl - Implements an Access Control List (ACL) protocol for the
              authorization of a principal to network access and services.

     +  key - Provides facilities for the maintenance of account keys for
              daemon principals.

     +  id - Maps file system names to Universal Unique IDs (UUIDs).

     +  pwd_mgmt - Provides facilities for password management.

   All the calls in this API have names beginning with the sec_ prefix.
   These are the same calls used by various user-level tools provided as
   part of the DCE. For example, the sec_create_db tool is written with
   sec_rgy calls, acl_edit is written with sec_acl calls, and the login
   program, with which a user logs in to a DCE system, is written using
   sec_login calls.  Most sites will find the user-level tools adequate
   for their needs, and only must use the Security Service API to
   customize or replace the functionality of these tools.

   Though most of the calls in the Security Service API represent RPC
   transactions, code has been provided on the client side to handle much
   of the overhead involved with making remote calls. These "stubs" handle
   binding to the requested security server site, the marshalling of data
   into whatever form is needed for transmission, and other bookkeeping
   involved with these remote calls. An application programmer can use
   the Security Service interfaces as if they were composed of simple C
   functions.

   This reference page introduces each of the following APIs:

     +  Registry APIs

     +  Login APIs

     +  Extended Privilege Attributes APIs

     +  Extended Registry Attributes APIs

     +  ACL APIs

     +  Key Management APIs

     +  ID Mapping APIs

     +  Password Management APIs

   The section for each API is organized as follows:

     +  Synopsis

     +  Data Types

     +  Constants

     +  Files

  Additional Information (explode) :

  Close     HLB-list     TLB-list     Help  

[legal] [privacy] [GNU] [policy] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.