
GDS Security

A number of authentication mechanisms are supported by GDS. XDS applications must indicate which method is to be used. Since authentication takes place at bind time, it is appropriate to pass the selected authentication mechanism as an argument to ds_bind().

A bind operation can be performed by the application program with or without user credentials. A bind with credentials is referred to as an authenticated bind and allows an application program to require a user to specify a distinguished name password as user credentials. A bind without user credentials only permits access to public information in the directory.

A special OM object class, DSX_C_GDS_SESSION, is provided in the GDS package to accommodate user credentials and authentication mechanisms. In addition to the OM attributes inherited from its superclass DS_C_SESSION, this OM class consists of the following OM attributes:

· DSX_PASSWORD
This attribute contains the password for the user credentials.

· DSX_DIR_ID
This attribute contains the identifier for distinguishing between several configurations of the directory service within a GDS installation. DSX_DIR_ID plays no role in user credentials.

· DSX_AUTH_MECHANISM
If this attribute is present, it identifies the selected authentication mechanism. If this attribute is absent, then a bind without credentials (that is, an anonymous bind) is attempted.

· DSX_AUTH_INFO
This attribute is for future use.
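
The following added example is not taken from the GDS sample programs. It shows a pre-bind check built on the rule above: a session that carries a password but no DSX_AUTH_MECHANISM results in an anonymous bind. The descriptor struct, the A_* tags and the sample values are stand-ins constructed for this example, not the real XOM types or DSX_* constants.

```c
#include <stdio.h>

/* Stand-ins for this example only: NOT the real XOM descriptor or the
   DSX_* constants from the GDS headers. Values are constructed. */
enum attr { A_END = 0, A_PASSWORD, A_DIR_ID, A_AUTH_MECHANISM, A_AUTH_INFO };
struct descriptor { enum attr type; const char *value; };

enum bind_kind {
    BIND_ANONYMOUS,              /* no mechanism, no password          */
    BIND_AUTHENTICATED,          /* mechanism attribute present        */
    BIND_ANONYMOUS_WITH_PASSWORD /* password set but mechanism missing */
};

/* Classify the bind that an A_END-terminated session list requests.
   Absence of the mechanism attribute means an anonymous bind is attempted,
   whatever else the session carries. */
enum bind_kind classify_session(const struct descriptor *d)
{
    int has_mech = 0, has_password = 0;
    for (; d->type != A_END; d++) {
        if (d->type == A_AUTH_MECHANISM) has_mech = 1;
        else if (d->type == A_PASSWORD)  has_password = 1;
    }
    if (has_mech) return BIND_AUTHENTICATED;
    return has_password ? BIND_ANONYMOUS_WITH_PASSWORD : BIND_ANONYMOUS;
}

/* Fail closed: returns 1 only if the session matches what the caller needs. */
int session_ok(const struct descriptor *d, int require_auth)
{
    enum bind_kind k = classify_session(d);
    if (require_auth) return k == BIND_AUTHENTICATED;
    return k != BIND_ANONYMOUS_WITH_PASSWORD; /* stray password is a bug */
}

int main(void)
{
    /* Constructed sample sessions. */
    struct descriptor anon[]   = { {A_DIR_ID, "1"}, {A_END, NULL} };
    struct descriptor authed[] = { {A_PASSWORD, "example-pw"},
                                   {A_AUTH_MECHANISM, "simple"}, {A_END, NULL} };
    struct descriptor broken[] = { {A_PASSWORD, "example-pw"}, {A_END, NULL} };
    printf("anon=%d authed=%d broken=%d\n", classify_session(anon),
           classify_session(authed), classify_session(broken));
    printf("broken ok for authenticated use? %d\n", session_ok(broken, 1));
    return 0;
}
```

Running such a check before the bind call lets an application that expects an authenticated bind refuse to proceed instead of continuing with access to public information only.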

The GDS package also provides the following special OM classes to support access rights to specific OM attributes by directory service users:

· DSX_C_GDS_ACL
This class describes up to five categories of rights for one or more directory users.

· DSX_C_GDS_ACL_ITEM
This class specifies the user, or subtree of users, to whom an access right applies.

The five categories of rights correspond to the access rights defined for the directory service as described in the OSF GDS Administration Guide and Reference. The categories are as follows:

· Modify Public

· Read Standard

· Modify Standard

· Read Sensitive

· Modify Sensitive

Refer to XDS Programming for more information on binding with credentials and setting access rights for users. The sample programs in Sample Application Programs provide examples of how security features are used in application programs.