The Generic Security Service API
The Generic Security Service (GSS) provides an alternate way of securing distributed applications that handle network communications by themselves. With the Generic Security Service
API (GSSAPI), applications that establish the secure connection are like a DCE RPC client. Applications that accept the secure connection are like a DCE RPC server.
The GSS available with DCE includes the standard GSSAPI routines (defined in the Internet RFC 1509), as well as OSF DCE extensions to the GSSAPI routines. These extensions are additional routines
that enable an application to use DCE security services.
The GSSAPI combines authentication and authorization under a single security mechanism type. The security mechanism provides applications a choice of either authenticated Kerberos security or
authenticated PAC authorization under DCE Security.
Although an application that uses GSSAPI may not make explicit calls to RPC routines, the GSSAPI implementation itself uses DCE RPC to communicate with the DCE registry
|