Overview - An Overview of DCE Security

· Registry service - Maintains the registry database, which is a replicated database of principals, groups, organizations, accounts, and administrative policies.

· Authentication service - Handles user authentication or the process of verifying that principals are correctly identified. The authentication service also issues tickets that a principal uses to access remote services. The ticket contains data that is presented by the principal requesting the service to the principal providing the service.

· Privilege service - Supplies the user's privilege attributes, which are used to ensure that a principal has the rights to perform requested operations.

In addition, the DCE Security Service provides the following:

· Access control list (ACL) facility - Establishes and grants access rights to an object based on the object's access permissions.

· Extended registry attribute (ERA) facility - Provides tools to extend the registry database schema to define additional attributes and tools to attach those attributes to registry objects.

The DCE host daemon (dced) acts as the security client.

The DCE Registry, Authentication, and Privilege Services are implemented as a single daemon: the security server (secd).