sec_intro(3sec)

Application Program Interface to the DCE Security Service

Description
The Distributed Computing Environment (DCE) Security Service Application Program Interface (API) allows developers to create network services with complete access to all the authentication and authorization capabilities of the DCE Security Service and its facilities.

The transaction of a network service generally consists of a client process requesting some action from a server process. The client may itself be a server, or a user, and the server may also be a client of other servers. Before the targeted server executes the specified action, it must be sure of the client's identity, and it must know whether the client is authorized to request the service.

The Security Service API consists of the following sets of Remote Procedure Calls (RPCs) used to communicate with various security-related services and facilities:

· rgy - Maintains the network registry of principal identities.

· era - Maintains extended registry attributes.

· login - Validates a principal's network identity and establishes delegated identities.

· epa - Extracts privilege attributes from an opaque binding handle.

· acl - Implements an access control list (ACL) protocol for the authorization of a principal to network access and services.

· key - Provides facilities for the maintenance of account keys for daemon principals.

· id - Maps file system names to Universal Unique IDs (UUIDs).

· pwd_mgmt - Provides facilities for password management.

· pk - Provides facilities for public key authentication.

All the calls in this API have names beginning with the sec_ prefix. These are the same calls used by various user-level tools provided as part of the DCE. For example, the sec_create_db(1) tool is written with sec_rgy calls, acl_edit(1) is written with sec_acl calls, and the login(1) program, with which a user logs in to a DCE system, is written using sec_login calls. Most sites will find the user-level tools adequate for their needs, and need to use the Security Service API only to customize or replace the functionality of these tools.

Though most of the calls in the Security Service API represent RPC transactions, code has been provided on the client side to handle much of the overhead involved with making remote calls. These "stubs" handle binding to the requested security server site, the marshalling of data into whatever form is needed for transmission, and other bookkeeping involved with these remote calls. An application programmer can use the Security Service interfaces as if they were composed of simple C functions.

This reference page introduces each of the following APIs:

· Registry APIs

· Login APIs

· Extended Privilege Attributes APIs

· Extended Registry Attributes APIs

· ACL APIs

· Key Management APIs

· ID Mapping APIs

· Password Management APIs

· Public Key APIs

The topic for each API is organized as follows:

· Synopsis

· Data Types

· Constants

· Files

More:

Registry API Data Types

Extended Registry Attribute Data Types

Login API Data Types

Extended Privilege Attribute API Data Types

ACL API Data Types

Key Management API Data Types

ID Mapping API Data Types

Password Management API Data Types

Public Key API Data Types