VMS Help
DCE, dce_intro, dced_intro, Security Validation Routines
*Conan The Librarian (sorry for the slow response - running on an old VAX)
|
|
dced_secval_start Starts a host's security validation service
dced_secval_validate
Validates that the DCE Security daemon (secd)
used by a specific host is legitimate
dced_secval_status Returns a status parameter of TRUE if the
security validation service is activated and
FALSE if not
dced_secval_stop Stops a host's security validation service
NAME
dced_secval_start - Starts the security validation service of
a specific host's dced
SYNOPSIS
#include <dce/dced.h>
void dced_secval_start( dced_binding_handle_t dced_bh,
error_status_t *status );
PARAMETERS
Input
dced_bh
Specifies the dced binding handle for the secval service on
a specific host.
Output
status
Returns the status code from this routine. This status code
indicates whether the routine completed successfully or, if
not, why not. The possible status codes are:
error_status_ok
dced_s_bad_binding
dced_s_sv_already_enabled
sec_acl_invalid_permission
DESCRIPTION
The dced_secval_start() routine starts the Security Validation
service of a specific host's dced. This routine is typically
used by management applications.
The Security Validation service (secval) has two major functions:
1. Maintain a login context for the host's self identity.
2. Validate and certify to applications (usually login programs)
that the DCE Security daemon (secd) is legitimate.
The secval is commonly started by default when dced starts.
See the dced_secval_stop() routine for a discussion of when to
use the combination of dced_secval_stop() and dced_secval_start().
Prior to calling this routine, the application must have
established a valid dced binding handle to the secval service
by calling either the dced_binding_create() or
dced_binding_from_rpc_binding() routine.
RELATED INFORMATION
Routines: dced_secval_stop
dced_binding_create
dced_binding_from_rpc_binding
Commands: dced
The secval object of dcecp
Books: OSF DCE Application Development Guide.
NAME
dced_secval_validate - Validates that the secd used by a
specific host is legitimate
SYNOPSIS
#include <dce/dced.h>
void dced_secval_validate( dced_binding_handle_t dced_bh,
error_status_t *status );
PARAMETERS
Input
dced_bh
Specifies the dced binding handle for the secval service on
a specific host.
Output
status
Returns the status code from this routine. This status code
indicates whether the routine completed successfully or, if
not, why not. The possible status codes are:
error_status_ok
dced_s_bad_binding
ept_s_not_registered
rpc_s_comm_failure
rpc_s_invalid_binding
rpc_s_rpcd_comm_failure
rpc_s_wrong_kind_of_binding
sec_login_s_no_current_context
DESCRIPTION
The dced_secval_validate() routine validates and certifies for
a specific host that the DCE Security daemon (secd) is legitimate.
Typically, a login program uses the security validation service
when it uses the Security Service's Login API (routines that begin
with sec_login). However, if a management application trusts some
remote host, it can use dced_secval_validate() to validate secd,
without logging in to the host.
RELATED INFORMATION
Routines: sec_login* API
dced_secval_start
dced_binding_create
dced_binding_from_rpc_binding
Commands: dced
The secval object of dcecp
Books: OSF DCE Application Development Guide.
NAME
dced_secval_status - Indicates whether or not a specific host's
security validation service of dced is
running
SYNOPSIS
#include <dce/dced.h>
void dced_secval_status( dced_binding_handle_t dced_bh,
boolean32 *secval_active,
error_status_t *status );
PARAMETERS
Input
dced_bh
Specifies the dced binding handle for the secval service on
a specific host.
Output
secval_active
Returns a value of TRUE if the security validation service
is running and FALSE if it is not running.
status
Returns the status code from this routine. This status code
indicates whether the routine completed successfully or, if
not, why not. The possible status codes are:
error_status_ok
dced_s_bad_binding
DESCRIPTION
The dced_secval_status() routine sets a parameter to TRUE or
FALSE depending on whether the security validation service has
been activated or deactivated.
Prior to calling this routine, the application must have
established a valid dced binding handle to the secval service
by calling either the dced_binding_create() or
dced_binding_from_rpc_binding() routine.
RELATED INFORMATION
Routines: dced_secval_start
dced_secval_stop
dced_binding_create
dced_binding_from_rpc_binding
Commands: dced
the secval object of dcecp
Books: OSF DCE Application Development Guide.
NAME
dced_secval_stop - Stops the security validation service of
a specific host's dced
SYNOPSIS
#include <dce/dced.h>
void dced_secval_stop( dced_binding_handle_t dced_bh,
error_status_t *status );
PARAMETERS
Input
dced_bh
Specifies the dced binding handle for the secval service on
a specific host.
Output
status
Returns the status code from this routine. This status code
indicates whether the routine completed successfully or, if
not, why not. The possible status codes are:
error_status_ok
dced_s_bad_binding
dced_s_sv_not_enabled
sec_acl_invalid_permission
DESCRIPTION
The dced_secval_stop() routine stops the security validation service
(secval) of a specific host's dced. This routine is typically used
by managment applications.
The secval service is commonly started by default when dced starts.
The main use of dced_secval_stop() and dced_secval_start() is to
force a refresh of the host principal credentials. This is the only
way to force certain registry changes made by the host principal
(such as groupset membership) to be seen by processes running on the
host.
You can easily stop and then start the secval service with the
following operations:
dcecp -c secval deactivate
dcecp -c secval activate
It is not a good idea to remove the machine principal self
credentials for an extended period of time because processes
running as self will fail in their attempts to perform
authenticated operations.
RELATED INFORMATION
Routines: dced_secval_start
dced_binding_create
dced_binding_from_rpc_binding
Commands: dced
The secval object of dcecp
Books: OSF DCE Application Development Guide.
[legal]
[privacy]
[GNU]
[policy]
[netiquette]
[sponsors]
[FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.