Following is a summary of the user interfaces to the authentication service when the default authentication protocol is in effect (the default protocol is DCE shared-secret, which is based on the Kerberos Version 5 network authentication system).
· kinit
Obtains a login session's ticket(s) to remote services (the login and su tools also perform this service)
· klist
Lists a login session's tickets to remote services
· kdestroy
Destroys a login session's tickets to remote services
There are two security APIs that distributed applications are most likely to call to use the authentication service:
· Authenticated RPC facility
· GSSAPI
Although an application that uses GSSAPI may not make explicit calls to RPC routines, the GSSAPI implementation itself uses DCE RPC to communicate with the DCE registry.