What Is the DCE Security Service?
The DCE Security Service comprises several parts, including the authentication service, the privilege service, the registry service, the ACL facility, the login facility, and the audit
service.
· Authentication service
The authentication service enables two processes on different machines to be certain of one another's identity, or authenticated. On a timesharing system, this functionality is provided
in part by the operating system kernel. However, since a local host's operating system cannot necessarily be trusted in a distributed system, an authentication service is necessary in a distributed
computing environment.
· Privilege service
Once a server has verified the identity of the user who is making a request, it still needs to determine whether the user should be authorized, or granted the requested access to a
resource that the server controls. This functionality is provided by the DCE authorization service, called the privilege service. It forwards in a secure way the information that a server needs to
know in order to determine what permissions it should grant to the user.
Both the authentication service and the privilege service are used in conjunction with DCE RPC and the login facility, so the typical application programmer does not interact with them directly,
but instead uses authenticated RPC.
· Registry service
The registry service is a replicated service that manages the cell's security database. The security database contains entries for security entities, which are called principals. A
principal can be a user or a server, for example. The database also contains information associated with each principal; for example, encryption keys, which are used in authentication,
authorization, and encryption of messages. The registry service enables administrators to access and modify the database of DCE users.
The extended registry attribute (ERA) interface allows the registry schema to be modified so that user-defined attributes can be associated with registry objects.
· Access control list facility
DCE access control lists (ACLs) are lists of users who are authorized to access a given resource. For example, a user can put a colleague on an ACL for a certain file, thereby granting the
colleague permission to read and write the file. DCE ACLs are associated with many DCE resources: files, entries in the Directory Service, and entries in the security service. DCE ACLs are based on
the POSIX 1003.6/Draft 3 specification. An ACL API allows programmers to manipulate ACLs, and the dcecp command allows users to modify ACLs associated with resources they own.
· Login facility
The DCE login facility initializes a user's DCE security environment. It authenticates the user to the security service by means of the user's password. The security service returns security
credentials, which are then used to authenticate the user to distributed services that are accessed during the user's session, such as DFS or other applications. The login facility permits login
using the following authentication protocols:
- The public key protocol, which provides the highest level of security
- The third-party protocol, which is less secure than the public key protocol
- The timestamps protocol, which is less secure than the third-party protocol
- The DCE Version 1.0 protocol, which is the least secure protocol. This is provided solely for compatibility with DCE Version 1.0 clients.
· Audit service
The audit service detects and records the execution of DCE server operations that are relevant to the maintenance of a secure distributed computing environment. The audit service records each
event in a log file called an audit trail file. DCE application programmers build auditing into their DCE servers by designating security-relevant operations as code
points for which auditing is required, and using an audit API to establish auditing of those operations. The DCE Security Service and the DCE Distributed Time Service also use the audit service to
track and record the use of their security-critical operations. Administrators can use the audit service event class and filter mechanisms to organize and tailor the recording of
events into audit trail files.