effective permissions

The permissions granted to a principal as a result of a masking operation.


Any of the bits of a bit string, the octets of an octet string, or the octets by means of which the characters of a character string are represented.

encryption key

A secret value shared between two parties that enables them to communicate securely by using the key to encrypt and decrypt messages. Some servers store encryption keys in a keytab file. See also keytab file, password.


An attribute of data representation that reflects how certain multioctet data is stored in memory. See also big endian, little endian.


RPC: An address of a specific server instance on a host. See also dynamic endpoint, well-known endpoint.

endpoint map

RPC: A system-wide database where local RPC servers register binding information associated with their interface identifiers and object UUIDs. The endpoint map is maintained by the endpoint map service of the RPC daemon. See also endpoint map service, RPC daemon.

endpoint map service

RPC: A service provided by the RPC daemon that maintains a system's endpoint map for local RPC servers. When an RPC client makes a remote procedure call by using a partially bound binding handle, the endpoint map service looks up the endpoint of a compatible local server. See also endpoint map, partially bound binding handle , RPC daemon.


CDS: A component of CDS software that you can manage independently of any other component. The CDS control program commands are based on directives targeted for specific entities.

DTS: A specific software implementation on a system.

entity type

DTS: An identifier of an entity that determines its relationship to other components: clerk or server.


GDS: The part of the DIB that contains information relating to a single directory object. Each entry consists of directory attributes.

entry point vector (EPV)

RPC: A list of addresses for the entry points of a set of remote procedures that implements the operations declared in an interface definition. The addresses are listed in the same order as the corresponding operation declarations.


See extended privilege attribute certificate.


A timestamp that identifies directory replicas as being part of the same set. CDS uses the epoch timestamp when it skulks a directory: it finds all replicas of the directory that are in the same epoch and makes their contents consistent. If not all replicas share the same epoch, the skulk aborts. The set directory to new epoch command updates the value of the CDS_Epoch attribute.

epoch number

DTS: An identifier that a server appends to the time values it sends to other servers. Servers only use time values from other servers with whom they share epoch numbers.


See entry point vector.


See extended registry attribute.


DTS: The difference between a system's clock value and the computed time.

error tolerance

DTS: The amount of system clock error to which DCE Distributed Time Service responds by abruptly setting the system clock to the computed time, rather than gradually adjusting the clock.

event class

Logical grouping of audit events, designated by a name that can be any character string up to 256 characters. Generally, an event class comprises audit events that have some form of commonality.

event class file

A file that contains the declaration of events that constitute an event class. The name of the event class is the same as the name of the event class file.

event name

Symbolic name assigned to an audit event, consisting of any character string up to 256 characters. It is used for documentation only, and is not used for any other administrative purpose.

event number

A 32-bit integer assigned to an audit event. An event number is a tuple made up of a set-id and the event-id. It is used in grouping audit events into event classes.


Component of the event number that identifies the audit event.

execution semantics

RPC: The rules of execution for a remote procedure call, including the effect of multiple invocations on the outcome of a procedure's operation. See also at-most-once semantics, broadcast semantics, maybe semantics, idempotent semantics.


To display the contents of (open) a directory by using the CDS browser. You expand a directory that is closed by double-clicking on its icon. Double clicking on an expanded directory collapses it.

expiration age

RPC: The amount of time that a local copy of name service data from an NSI attribute remains unchanged before a request from an RPC application for the attribute requires updating it. See also NSI attribute.

explicit binding method

RPC: The explicit method of managing the binding for a remote procedure call in which a remote procedure call passes a binding handle as its first parameter. The binding handle is initialized in the application code. See also automatic binding method, binding handle, implicit binding method.



1. To place the server binding information associated with an RPC interface or a list of object UUIDs or both into an entry in a name service database.

2. To provide access to an RPC interface.

DFS: Offering data or making data available to another system. For example, hosts must export a local DCE LFS or non-LFS aggregate to make it available in the DCE namespace.

extended privilege attribute certificate (EPAC)

Contains authorization information specific to the user, such as groups to which the user belongs. EPACs are used to authorize users; that is, to help a server decide whether users should be granted access to resources that the server manages.

extended registry attribute (ERA)

An attribute attached to a registry object, created using the ERA API interfaces.