|
DCE Security and Kerberos
A note on the relationship between the DCE Security Service and Kerberos, for those who are already familiar with Kerberos: The DCE authentication service is based on MIT Project
Athena's Kerberos Network Authentication Service, Version 5. The Kerberos Key Distribution Center (KDC) server is a part of the DCE Security server, secd. The authorization information
that is created by the DCE privilege server is passed in the Kerberos Version 5 ticket's authorization data field.
The Kerberos user commands kinit, klist, and kdestroy are used in DCE security. The Kerberos API is used internally by DCE security, but is not exposed for use by the
application programmer. Instead, DCE application programmers use the authenticated RPC API.
|