INDEX
1-tuple
Sequences
16-bit architecture
Bits, Bytes, Words, and so on
1970 (end of time timestamp)
Timestamps, Microseconds, and Clock Skew
[??]
environment_set ERA
a priori trust,
Untrusted Environments: A Priori Trust and Trust Chains
abbreviation, of transit path
Registered Transit Path Types
absolute expiration time
Kerberos Key Distribution (Authentication) Service (KDS)
abstract syntax notation
Key Distribution (Authentication) Services
abstracting
The sec_cred API for Abstracting EPAC Contents
academic discipline
Generalities on Security-The Architecture of Trust
accepting weak keys
Keys to be Avoided
access
Access Control Lists (ACLs)
ACL Managers, Permissions, Access Determination Algorithms
The Common Access Determination Algorithm for Delegation
Access Control for the xattrschema Object
Access Control for Attribute Types
Access Control on Attributes with Triggers
Access Control Lists (ACLs)
Common Access Determination Algorithm
Access Control List API
access
access control list (ACL)
access determination algorithm
Access Control
Access Control for Attribute Types
Access Control on Attributes with Triggers
access control decision
DCE Security Model
access control list (ACL),
Subjects and Objects, Privilege and Authorisation
Access Control Lists (ACLs)
Access Control Lists (ACLs)
Access Control, Attributes with Triggers
Access Control on Attributes with Triggers
Access Control, for Attribute Types
Access Control for Attribute Types
access determination algorithm
ACL Managers, Permissions, Access Determination Algorithms
access request, input to CADA
The Common Access Determination Algorithm for Delegation
access semantics, of permissions
Common Permissions
access,
Subjects and Objects, Privilege and Authorisation
access, matrix
Subjects and Objects, Privilege and Authorisation
accessor
EPAC Accessor Function API
EPAC Accessor Function (sec_cred) API
account
Accounts; rs_acct RPC interface
account domain
Registration Service (RS) and RS Editors
account information, conceptual part of login context
Login Facility and Security Client Daemon (SCD)
account name, equals login name
Accounts; rs_acct RPC interface
account, creator
sec_rgy_acct_admin_t
account, data (data type)
rs_login_info_t
account, entry in RS datastore
Key Management Facility
account, exactly one key
sec_passwd_version_t
account, expiration
sec_rgy_plcy_t
sec_rgy_acct_admin_t
account, flag
rs_acct_parts_t
account, information, administration-level
sec_rgy_acct_admin_t
account, lifetime
sec_rgy_plcy_t
account, local-ID (data type)
sec_rgy_unix_sid_t
account, name of
sec_rgy_login_name_t
account, unambiguous reference
sec_rgy_acct_key_t
account, user-level information
sec_rgy_acct_user_t
account, UUID (data type)
sec_rgy_sid_t
accounts
Accounts; rs_acct RPC interface
accuracy
Security Attributes: Authenticity, Integrity, Confidentiality
accuracy, of time source
Integration with Time Services
ACL
ACL Entries and their Types
Object Types, ACL Types, and ACL Inheritance
ACL Managers, Permissions, Access Determination Algorithms
Common ACL Manager Algorithm
Delegation Common ACL Manager Algorithm
Notes on Common ACL Manager ACLs
Multiple ACLs and ACL Managers
ACL Editors
ACL Manager Types Supported by the RS
Binding to ACL Servers
ACL Types
ACL Managers
ACL Editor RPC Interface
RS Protected Objects and their ACL Manager Types
access control list (ACL)
ACL manager
ACL editor,
ACL Editors
ACL manager API, future work
ACL Managers, Permissions, Access Determination Algorithms
ACL manager type UUID
Access Control Lists (ACLs)
ACL manager type UUID, input to CADA
The Common Access Determination Algorithm for Delegation
ACL manager,
ACL Managers, Permissions, Access Determination Algorithms
ACL Managers
ACL manager, ACLE types supported
RS Protected Objects and their ACL Manager Types
ACL manager, common
ACL Managers, Permissions, Access Determination Algorithms
ACL manager, multiple
Multiple ACLs and ACL Managers
ACL manager, permission
RS Protected Objects and their ACL Manager Types
ACL manager, POSIX support
sec_acl_posix_semantics_t
ACL manager, type UUID
Identifying Protected Objects and ACLs
RS Protected Objects and their ACL Manager Types
ACL manager, types supported by RS
ACL Manager Types Supported by the RS
ACL Permissions, Generic
RS Protected Objects and their ACL Manager Types
ACL type, not all need be supported
ACL Managers, Permissions, Access Determination Algorithms
ACL,
Subjects and Objects, Privilege and Authorisation
Access Control Lists (ACLs)
Access Control Lists (ACLs)
ACL, common
Common ACLs
ACL, data type
ACLs
ACL, default creation
Object Types, ACL Types, and ACL Inheritance
ACL, Editor
DCE Security Model
ACL, entry (ACLE) (data type)
ACLE Types
ACL, Extensions
Extensions to ACLs
ACL, for xattrschema Object
Access Control for the xattrschema Object
ACL, identity of
ACL Editors
ACL, initial
Object Types, ACL Types, and ACL Inheritance
ACL, initial container
Object Types, ACL Types, and ACL Inheritance
ACL, initial object
Object Types, ACL Types, and ACL Inheritance
ACL, multiple
Multiple ACLs and ACL Managers
ACL, not supported in name-based
Name-based versus PAC-based Authorisation
ACL, physical separation from referent
DCE Security Model
ACL, pointer to
sec_acl_p_t
ACL, protection/object
Object Types, ACL Types, and ACL Inheritance
ACL, semantics interpreted by manager
ACL Managers, Permissions, Access Determination Algorithms
ACL, type
Identifying Protected Objects and ACLs
ACL, type (data type)
ACL Types
ACL, unauthenticated entry
Privilege (Authorisation) Service (PS)
ACLE
ACLE Types
ACLE Permission Sets
Extended ACLE Information
ACLE,
ACL Entries and their Types
ACLE, data type
ACLEs
ACLE, extended information
Extended ACLE Information
ACLE, permission set
ACLE Permission Sets
ACLEs
ACLEs
ACLs
Access Control Lists (ACLs)
Notes on Common ACL Manager ACLs
Multiple ACLs and ACL Managers
Extensions to ACLs
Access Control Lists (ACLs)
Interface UUID for ACLs
ACLs
Common ACLs
Identifying Protected Objects and ACLs
acting as a delegate
ACL Entries and their Types
action
Unknown Intercell Action Attribute
active aspect
Subjects and Objects, Privilege and Authorisation
active bits of DES vector
Basic DES
additional
Additional Attribute Permission Bits
address
Registered Host Address Types
addresses
Host Addresses
adequacy of security, evaluating
Policy versus Service versus Mechanism
administer permission
Supported Permissions
administration-level information
sec_rgy_acct_admin_t
administrative flag
sec_rgy_acct_admin_flags_t
administrative interface
DCE Security Model
administrator
site administrator
algorithm
The Common Access Determination Algorithm for Delegation
Common ACL Manager Algorithm
Delegation Common ACL Manager Algorithm
The use_defaults Algorithm
The intercell_action Algorithm
Details of Basic DES Algorithm
Details of CBC Mode Algorithm
Key Distribution (Authentication) Services
Common Access Determination Algorithm
access determination algorithm
algorithm, access determination
ACL Managers, Permissions, Access Determination Algorithms
algorithm, basic DES
Details of Basic DES Algorithm
algorithm, CADA
The Common Access Determination Algorithm for Delegation
algorithm, CBC mode
Details of CBC Mode Algorithm
algorithm, common access determination
Common Access Determination Algorithm
algorithm, generate RA header
Server Receives Authentication Header and Sends Reverse-Authentication Header
algorithm, generation of AS response
KDS Server Receives AS Request and Sends AS Response
Algorithm, intercell_action
The intercell_action Algorithm
algorithm, KDS Error processing
KDS Error Processing
algorithm, next-hop
RS Information
algorithm, prepare authentication header
Client Sends Authentication Header
algorithm, processing privilege authentication/RA
Privilege (Reverse-)Authentication Header Processing
algorithm, TGS request/response
TGS Request/Response Processing (By KDS)
algorithm, trusted
Untrusted Environments: A Priori Trust and Trust Chains
Algorithm, use_defaults
The use_defaults Algorithm
algorithms
ACL Managers, Permissions, Access Determination Algorithms
alias
sec_rgy_pgo_flags_t
alias, feature of principal domain
Accounts; rs_acct RPC interface
alias, in principal domain
PGO Items; rs_pgo RPC Interface
allowable
Maximum Allowable Clock Skew
alter_context
CO Establishment of Credentials (bind, bind_ack, alter_context, alter_context_response)
alter_context PDU
CO Verifier auth_value.assoc_uuid_crc
alter_context_response
CO Establishment of Credentials (bind, bind_ack, alter_context, alter_context_response)
alter_context_response PDU
CO Verifier auth_value.assoc_uuid_crc
alternate algorithm, in future version
Outline of the Remainder of this Chapter, and of this Specification
alternative approach
Generalities on Security-The Architecture of Trust
ambiguity, of partially qualified string
Integration with Naming Services
ambiguity, syntactic, of PGO name
ID Map Facility
AND,
Bitwise Operations and Rotations
annotating a binding handle
Login Facility and Security Client Daemon (SCD)
anonymous
Privilege (Authorisation) Service (PS)
Anonymous Identity
Anonymous Identity
Anonymous Identity
Anonymous Identity
Anonymous Identity, data type
Anonymous Identity
Anonymous, Cell UUID
Anonymous Identity
anonymous, client
Privilege-Tickets
Anonymous, Group UUID
Anonymous Identity
Anonymous, Principal UUID
Anonymous Identity
Anonymous, Version 1 UUID
Security-Version (Version 2) UUIDs
Anonymous Identity
ANSI X3.106
Encryption/Decryption Mechanisms
ANSI X3.92
Encryption/Decryption Mechanisms
ANY_OTHER
ACL Entries and their Types
ANY_OTHER Subalgorithm
ANY_OTHER, algorithm
ANY_OTHER Subalgorithm
ANY_OTHER, at most one
Common ACLs
ANY_OTHER, supported by common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
ANY_OTHER_DEL
ANY_OTHER_DEL Subalgorithm
ANY_OTHER_DEL, algorithm
ANY_OTHER_DEL Subalgorithm
ANY_OTHER_DELEG
ACL Entries and their Types
API
RS Binding; rs_bind Interface and sec_rgy_bind API
EPAC Accessor Function API
The sec_cred API for Abstracting EPAC Contents
Access Control List API
Registry API
ID Map API
Key Management API
Login API
EPAC Accessor Function (sec_cred) API
append
Append Padding Bits
Append Length
Append Padding Bits
Append Length
appendix
Appendix
AppleTalk, registered address type
Registered Host Address Types
application
Security Application Programming Interface
application, correctly written
Integration with RPC Services
architecture
Generalities on Security-The Architecture of Trust
arithmetic
Modular Arithmetic
arithmetic, modular
Modular Arithmetic
arithmetic, on timestamps
Timestamps, Microseconds, and Clock Skew
array, of pointers to ACL
sec_acl_list_t
AS
The Timestamps (AS + TGS) Protocol
The Third-Party (AS + TGS) Protocol
AS and TGS Services
KDS (AS and TGS) Requests
KDS (AS and TGS) Responses
AS Request/Response Processing
Client Sends AS Request to KDS
KDS Server Receives AS Request and Sends AS Response
Client Receives AS Response
AS request
Kerberos Key Distribution (Authentication) Service (KDS)
AS request, client sends
Client Sends AS Request to KDS
AS request/response
Privilege (Authorisation) Service (PS)
AS response
Kerberos Key Distribution (Authentication) Service (KDS)
AS,
AS and TGS Services
AS, receipt of request
KDS Server Receives AS Request and Sends AS Response
AS, request/response processing
AS Request/Response Processing
AS, response (data type)
KDS (AS and TGS) Responses
AS, response received by client
Client Receives AS Response
ASCII
Registered Password-to-Key Mappings
ASN.1
Key Distribution (Authentication) Services
aspect, active/passive
Subjects and Objects, Privilege and Authorisation
asserted
asserted
asserted PAC,
Privilege (Authorisation) Service (PS)
asserted, status of PAC
Privilege Attribute Certificates (PACs)
assertion
Protected RPC
associated
Groups Associated With a Foreign Cell
assurance, of correctly-written applications
Integration with RPC Services
assured
assured service
assured service,
Security Attributes: Authenticity, Integrity, Confidentiality
asymmetric trust peers
Cells-Cross-cell Authentication and Authorisation
atomicity, in changes to ACL
ACL Editors
attack
multi-prong attack
replay attack
attr_schema, ACL manager permission
RS Protected Objects and their ACL Manager Types
attr_schema, ACL manager type UUID
RS Protected Objects and their ACL Manager Types
attr_schema, supported ACLE types
RS Protected Objects and their ACL Manager Types
attribute
Extended Privilege Attribute Facility
Extended Registry Attribute Facility
Attribute Schema
Attribute Type Flags
Attribute Scope
Attribute Encodings
Attribute Triggers
Attribute Trigger Facility
Attribute Sets
Access Control for Attribute Types
Additional Attribute Permission Bits
Well-Known Attribute Types
Unknown Intercell Action Attribute
Privilege Attribute Certificates (PACs)
Handle for Privilege Attribute Data
attribute
attribute encoding type
attribute instance
attribute schema
attribute set
attribute type
attribute type UUID
attribute value
multi-valued attribute
privilege attribute
privilege attribute certificate (PAC)
Attribute Encodings
Attribute Encodings
Attribute Permissions, Additional
Additional Attribute Permission Bits
Attribute Schema,
Attribute Schema
Attribute Schemas, Well-known
Schemas for Well-Known Attributes
Attribute Scope
Attribute Scope
Attribute Sets
Attribute Sets
Attribute Trigger Facility,
Attribute Trigger Facility
Attribute Trigger,
Attribute Triggers
Attribute Triggers
Attribute Triggers
Attribute Type Flags,
Attribute Type Flags
attribute,
Security Attributes: Authenticity, Integrity, Confidentiality
attribute, of user (data type)
sec_rgy_acct_user_flags_t
attribute, PAC, in RS information
RS Information
attribute, PGO item (data type)
sec_rgy_pgo_flags_t
attribute, policy
sec_rgy_properties_t
attribute, privilege
Privilege (Authorisation) Service (PS)
attributee
Cursor for Extended Attributee Iteration
attributes
Security Attributes: Authenticity, Integrity, Confidentiality
Access Control on Attributes with Triggers
Environmental Parameters and Registry Attributes
Schemas for Well-Known Attributes
Privilege Attributes for the EPAC
Attributes, Additional Permissions
Additional Attribute Permission Bits
Attributes, Privilege (for EPAC)
Privilege Attributes for the EPAC
Attributes, Well Known
Environmental Parameters and Registry Attributes
audience
Intended Audience
auditing, not in this version
Outline of the Remainder of this Chapter, and of this Specification
auth_value.assoc_uuid_crc
CO Verifier auth_value.assoc_uuid_crc
auth_value.checksum
CO Verifier auth_value.checksum
auth_value.credentials
CO Verifier auth_value.credentials
authenticated, flag in PAC
Privilege Attribute Certificates (PACs)
authentication
Kerberos Key Distribution (Authentication) Service (KDS)
Cells-Cross-cell Authentication and Authorisation
Key Distribution (Authentication) Services
Fundamental Concepts
Authentication Data
Registered Authentication Data Types
Authentication Headers
Authentication Header Flags
Client Sends Authentication Header
Server Receives Authentication Header and Sends Reverse-Authentication Header
Cross-Cell Authentication
Registered Authentication Services
Privilege Authentication Headers
Client Sends Privilege Authentication Header
Server Receives Privilege Authentication Header and Sends Privilege Reverse-Authentication Header
Authentication between Replicas
authentication data, checked by KDS server
KDS Server Receives TGS Request and Sends TGS Response
authentication data, data type
Authentication Data
authentication data, registered
Registered Authentication Data Types
authentication flag,
Privilege (Authorisation) Service (PS)
authentication header processing
(Reverse-)Authentication Header Processing
authentication header, data type
Authentication Headers
authentication information permission
Supported Permissions
authentication method, in RS information
RS Information
authentication policy, in registry property
Policy Item, Policies and Properties; rs_policy RPC Interface
authentication service (AS),
AS and TGS Services
authentication service, registered
Registered Authentication Services
authentication,
Kerberos Key Distribution (Authentication) Service (KDS)
authentication, and Kerberos
Kerberos Key Distribution (Authentication) Service (KDS)
authentication, client sends header
Client Sends Authentication Header
authentication, cross-cell
Cells-Cross-cell Authentication and Authorisation
Cross-Cell Authentication
authentication, data
KDS (AS and TGS) Requests
authentication, flag
sec_rgy_acct_auth_flags_t
authentication, header omitted
(Reverse-)Authentication Header Processing
authentication, mutual, at TGS request
Kerberos Key Distribution (Authentication) Service (KDS)
authentication, of TGS service, need for
TGS Request/Response Processing
authentication, policy
sec_rgy_plcy_auth_t
authentication, server receives header
Server Receives Authentication Header and Sends Reverse-Authentication Header
authentication, service not autonomous from KDS
Kerberos Key Distribution (Authentication) Service (KDS)
authentication, situations warranting
Protected RPC
authentication, time of
Kerberos Key Distribution (Authentication) Service (KDS)
authentication, to KDS server
Kerberos Key Distribution (Authentication) Service (KDS)
authentication, user-to-user
The use-session-key Option
authentication, verifier (PDU)
What is Specified in this Chapter
authentication, vs. authorisation
Authorisation Identities
authenticator, available
KDS Error Processing
authenticator, data type
Authenticators
authenticator, decrypted by KDS server
KDS Server Receives TGS Request and Sends TGS Response
authenticator, in Kerberos protocol
Kerberos Key Distribution (Authentication) Service (KDS)
authenticator, in service request
Kerberos Key Distribution (Authentication) Service (KDS)
authenticator, in TGS request
Client Sends TGS Request
authenticator, timestamp in
Integration with Time Services
authenticators
Authenticators
authenticity
Security Attributes: Authenticity, Integrity, Confidentiality
authenticity
authenticity,
Security Attributes: Authenticity, Integrity, Confidentiality
authenticity, protected by DES
Data Encryption Standard (DES)
authenticity, protected by DES-MD4/5
Message Digests 4 and 5 (MD4, MD5)
authnr-Cksum, usage in CL security
Conversation Manager out_data
authorisation
Subjects and Objects, Privilege and Authorisation
Privilege (Authorisation) Service (PS)
Name-based versus PAC-based Authorisation
Cells-Cross-cell Authentication and Authorisation
RPC Authorisation Extension
Authorisation Data
Registered Authorisation Data Types
Privilege (Authorisation) Services
Registered Authorisation Services
Authorisation Identities
Local and Foreign Authorisation Identities
Name-Based Authorisation
authorisation
authorisation data
name-based authorisation
Authorisation Algorithm, for Delegation
Extensions to ACLs
authorisation data, data type
Authorisation Data
authorisation data, registered
Registered Authorisation Data Types
authorisation decision computation
ACL Managers, Permissions, Access Determination Algorithms
authorisation identity, data type
Authorisation Identities
authorisation service,
Privilege (Authorisation) Service (PS)
Privilege (Authorisation) Services
authorisation service, registered
Registered Authorisation Services
authorisation,
Subjects and Objects, Privilege and Authorisation
authorisation, cross-cell
Cells-Cross-cell Authentication and Authorisation
authorisation, foreign groupsets (data type)
Groups Associated With a Foreign Cell
authorisation, in PTGS request
PS Server Receives PTGS Request and Sends PTGS Response
authorisation, in RS information
RS Information
authorisation, local/foreign (data type)
Local and Foreign Authorisation Identities
authorisation, name-based
Name-Based Authorisation
authorisation, name-based versus PAC-based
Name-based versus PAC-based Authorisation
authorisation, vs. authentication
Authorisation Identities
Authorisation-Vetting
Cross-cell Authorisation-Vetting the Privilege-ticket-granting-ticket
authority
authority
authority of authentication, conceptual part of login context
Login Facility and Security Client Daemon (SCD)
authority,
Untrusted Environments: A Priori Trust and Trust Chains
available, authenticator
KDS Error Processing
avoided
Keys to be Avoided
avoided key
Keys to be Avoided
base
trusted computing base
basic
Basic DES
Details of Basic DES Algorithm
Some Basic Data Types
basic DES
Basic DES
basic DES algorithm, details
Details of Basic DES Algorithm
be
Keys to be Avoided
Part of Ticket to be Encrypted
Part of Reverse-authentication Header to be Encrypted
Part of KDS Response to be Encrypted
belief
Knowledge versus Belief; Trust
belief,
Knowledge versus Belief; Trust
belonging to a cell
Registration Service (RS) and RS Editors
BER
Key Distribution (Authentication) Services
between
Authentication between Replicas
big-endian,
Integer Representations (Endianness)
Mapping Bit-Sequences to Integers
big/big-endian encoding in pickle
(IDL/NDR) Pickles
bilateral authentication
DCE Security Model
bind
CO Establishment of Credentials (bind, bind_ack, alter_context, alter_context_response)
bind PDU
CO Verifier auth_value.assoc_uuid_crc
bind_ack
CO Establishment of Credentials (bind, bind_ack, alter_context, alter_context_response)
bind_ack PDU
CO Verifier auth_value.assoc_uuid_crc
binding
RS Binding; rs_bind Interface and sec_rgy_bind API
RPC Binding Models
Binding to TCB Servers
Binding to ACL Servers
Trigger Binding
binding handle
The krb5rpc RPC Interface
binding handle, RPC
Identifying Protected Objects and ACLs
binding, to ACL server
Binding to ACL Servers
bit representation, permission
Supported Permissions
BIT STRING
Key Distribution (Authentication) Services
BIT STRING, denoting field element
Key Distribution (Authentication) Services
bit,
Bits, Bytes, Words, and so on
bit, implementation of permission
ACL Managers, Permissions, Access Determination Algorithms
bit, parity, in DES key
Basic DES
bit, unused
Key Distribution (Authentication) Services
bit-position, of permissions
rdacl_get_printstring()
bit-reflection
Cyclic Redundancy Checksums
bit-sequence, mapping to integer
Mapping Bit-Sequences to Integers
Bit-Sequences
Mapping Bit-Sequences to Integers
bit-vector, implementation of permission
ACL Managers, Permissions, Access Determination Algorithms
bit-vector, pickle as
(IDL/NDR) Pickles
Bit/Byte-Sequences
Mapping Mixed Bit/Byte-Sequences to Integers
bits
Additional Attribute Permission Bits
Bits, Bytes, Words, and so on
Append Padding Bits
Append Padding Bits
bitset
bitset
bitset, data type
bitset
bitwise
Bitwise Operations and Rotations
bitwise boolean AND,
Bitwise Operations and Rotations
bitwise boolean OR,
Bitwise Operations and Rotations
bitwise boolean XOR,
Bitwise Operations and Rotations
bitwise operation
Bitwise Operations and Rotations
bitwise rotation
Bitwise Operations and Rotations
block space
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
block, DES
Basic DES
block, encryption of partial
CBC Mode
bodies
CL Integrity and Confidentiality (PDU Verifiers and Bodies)
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
body
KDS Request Body
body, of KDS request (data type)
KDS Request Body
body, of PDU
What is Specified in this Chapter
body, of pickle
(IDL/NDR) Pickles
body, PDU
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
bootstrap, use of sec_login API after
Login Facility and Security Client Daemon (SCD)
bootstrapping trust
Untrusted Environments: A Priori Trust and Trust Chains
bounds on ID numbers, in registry property
Policy Item, Policies and Properties; rs_policy RPC Interface
buffer
Initialise State Buffer and Trigonometric Vector
Initialise State Buffer and Trigonometric Vector
built-in integrity
Registered Encryption Types
by
ACL Manager Types Supported by the RS
TGS Request/Response Processing (By KDS)
byte,
Bits, Bytes, Words, and so on
byte, interpretation as integer
Mapping Bit-Sequences to Integers
byte-sequence, mapping to integer
Mapping Byte-Sequences to Integers
Byte-Sequences
Mapping Byte-Sequences to Integers
byte-vector, pickle as
(IDL/NDR) Pickles
bytes
Bits, Bytes, Words, and so on
C language, pseudocode resembling
Use of Pseudocode
cache, in RS information
RS Information
cache, maintenance
rs_cache_data_t
caching
Kerberos Key Distribution (Authentication) Service (KDS)
CADA
Privilege (Authorisation) Service (PS)
CADA,
The Common Access Determination Algorithm for Delegation
Common Access Determination Algorithm
CADA, not supported in name-based
Name-based versus PAC-based Authorisation
CADA, subalgorithm
Third Step: Subalgorithms
call
call chain
case sensitivity
Registered Password-to-Key Mappings
CBC
CBC Mode
Details of CBC Mode Algorithm
CBC mode algorithm
Details of CBC Mode Algorithm
CBC mode of DES
CBC Mode
CCITT X.208
Key Distribution (Authentication) Services
CCITT X.209
Key Distribution (Authentication) Services
CCITT X.509
Key Distribution (Authentication) Services
CCITT-32
Registered CRCs
CCITT-32,
Registered CRCs
CDS directory service, use in RPC binding
RPC Binding Models
CDS naming syntax
sec_rgy_name_t-Short and Long PGO Names
CDS-supported namespace
ACL Editors
cell
Cell Names
Registered Syntaxes for Cell Names
Groups Associated With a Foreign Cell
Sample Cell Profile Entries
cell
cell principal
home cell
cell name, data type
Cell Names
cell name, in registry property
Policy Item, Policies and Properties; rs_policy RPC Interface
cell name, in RS information
RS Information
cell principal,
Kerberos Key Distribution (Authentication) Service (KDS)
cell UUID,
Privilege (Authorisation) Service (PS)
cell,
DCE Security Model
Cells-Cross-cell Authentication and Authorisation
cell, checked by KDS server
KDS Server Receives TGS Request and Sends TGS Response
cell-profile
Binding to TCB Servers
cell-wide information
Registration Service (RS) and RS Editors
Cells-Cross-cell
Cells-Cross-cell Authentication and Authorisation
certificate
privilege attribute certificate (PAC)
certificate, privilege attribute,
DCE Security Model
certificates
Privilege Attribute Certificates (PACs)
certification
Further Discussion of Certification
certification,
Further Discussion of Certification
certification, and scd_protected_noop()
scd_protected_noop()
certification, basis of login validation
Login Facility and Security Client Daemon (SCD)
certify
certify
certify login context
Login Facility and Security Client Daemon (SCD)
certify,
Untrusted Environments: A Priori Trust and Trust Chains
chain
call chain
chain, trust,
Untrusted Environments: A Priori Trust and Trust Chains
chaining
Composition Laws (Chaining Properties)
chaining properties
Composition Laws (Chaining Properties)
chaining property, satisfied by twisted CRC
Cyclic Redundancy Checksums
chains
Untrusted Environments: A Priori Trust and Trust Chains
Multi-Hop Trust Chains
challenge
Conversation Manager in_data
change
Master Change
change password
Key Management Facility
sec_passwd_version_t
change permission
ACL Managers, Permissions, Access Determination Algorithms
change, date/time
rs_cache_data_t
CHAOSnet, registered address type
Registered Host Address Types
chapter
Outline of the Remainder of this Chapter, and of this Specification
What is Specified in this Chapter
character set, portable
Minimum Implementation Requirements
character, restrict choice of
Minimum Implementation Requirements
checksum
Checksum Mechanisms
MD4
MD5
DES-CBC Checksum
Registered Checksum Types
checksum type, in RS information
RS Information
checksum,
Message Digests 4 and 5 (MD4, MD5)
Checksum Mechanisms
checksum, checked by KDS server
KDS Server Receives TGS Request and Sends TGS Response
checksum, data type
Checksums
sec_chksum_t
checksum, DES-CBC
DES-CBC Checksum
checksum, in TGS request
Client Sends TGS Request
checksum, registered type
Registered Checksum Types
checksum, type (data type)
sec_chksum_type_t
checksums
Cyclic Redundancy Checksums
Checksums
checksumtext
MD4
MD5
child object,
Object Types, ACL Types, and ACL Inheritance
child process, inheritance of login context
Login Facility and Security Client Daemon (SCD)
choices
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
chunks
Compress Message in 16-Word Chunks
Compress Message in 16-Word Chunks
cipher
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
cipher block chaining CBC
Data Encryption Standard (DES)
cipher function
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
ciphertext, operated on by DES
Data Encryption Standard (DES)
circular shift
Bitwise Operations and Rotations
CL
Security in the CL RPC Protocol
CL Establishment of Credentials (Conversation Manager)
CL Integrity and Confidentiality (PDU Verifiers and Bodies)
CL dce_c_authn_level_pkt
CL dce_c_authn_level_integrity
CL dce_c_authn_level_privacy
CL, integrity and confidentiality
CL Integrity and Confidentiality (PDU Verifiers and Bodies)
CL, security
Security in the CL RPC Protocol
CL, verifier
What is Specified in this Chapter
claimed identity
Tickets, Keys, and Cross-Registration
class, of protected objects
Access Control Lists (ACLs)
client
DCE Security Model
Login Facility and Security Client Daemon (SCD)
Client
Client Side
Client Sends AS Request to KDS
Client Receives AS Response
Client Sends Authentication Header
Client Receives Reverse-Authentication Header
Client Sends TGS Request
Client Receives TGS Response
Client Sends PTGS Request
Client Receives PTGS Response
Client Sends Privilege Authentication Header
Client Receives Privilege Reverse-Authentication Header
Login Facility and Security Client Daemon (SCD) RPC Interface
client
client cell, in TGS response
Client Receives TGS Response
client name, in TGS response
Client Receives TGS Response
client name, versus CDS-registered service name
Integration with Naming Services
client receives RA header
Client Receives Reverse-Authentication Header
client sends AS request
Client Sends AS Request to KDS
client, anonymous
Privilege-Tickets
client, in CL context
CL Establishment of Credentials (Conversation Manager)
client, in KDS Error message
KDS Error Processing
client, in transit path
Registered Transit Path Types
client, named
Kerberos Key Distribution (Authentication) Service (KDS)
Tickets, Keys, and Cross-Registration
client, named, in privilege ticket
Privilege (Authorisation) Service (PS)
client, nominated
Privilege-Tickets
client, receives AS response
Client Receives AS Response
client, receives PTGS response
Client Receives PTGS Response
client, receives RA header
Client Receives Privilege Reverse-Authentication Header
client, receives TGS response
Client Receives TGS Response
client, sends authentication header
Client Sends Authentication Header
client, sends PA header
Client Sends Privilege Authentication Header
client, sends PTGS request
Client Sends PTGS Request
client, sends TGS request
Client Sends TGS Request
client-side access information
Subjects and Objects, Privilege and Authorisation
client-side security context
Login Facility and Security Client Daemon (SCD)
climate of opinion
Knowledge versus Belief; Trust
clock
Timestamps, Microseconds, and Clock Skew
Maximum Allowable Clock Skew
clock skew
Maximum Allowable Clock Skew
clock skew, in RS information
RS Information
clock, synchronisation
Kerberos Key Distribution (Authentication) Service (KDS)
CO
Security in the CO RPC Protocol
CO Establishment of Credentials (bind, bind_ack, alter_context, alter_context_response)
CO Verifier auth_value.assoc_uuid_crc
CO Verifier auth_value.checksum
CO Verifier auth_value.credentials
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
CO dce_c_authn_level_pkt
CO dce_c_authn_level_pkt_integrity
CO dce_c_authn_level_pkt_privacy
CO integrity and confidentiality
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
CO, security
Security in the CO RPC Protocol
CO, verifier
What is Specified in this Chapter
code
Status Code Origination
Error Code Mapping List
codebook
Encoding/Decoding and Encryption/Decryption of Messages
codes
Status Codes
Status Codes Specific to Delegation
Codes/Text/Data
Error Status Codes/Text/Data
Registered Error Status Codes/Text/Data
coefficient, and endianness
Integer Representations (Endianness)
collision of ACLE
Common ACLs
collision resistance, of MD4
MD4
collision resistance, of MD5
MD5
collision, resistance of MD4, MD5
Message Digests 4 and 5 (MD4, MD5)
collision-resistance
Cyclic Redundancy Checksums
combination permission, bit position
rdacl_get_printstring()
combinations of ACLs
Multiple ACLs and ACL Managers
combined
Combined First and Second Steps
comma, metacharacter in transit path
Registered Transit Path Types
common
The Common Access Determination Algorithm for Delegation
Common ACL Manager Algorithm
Delegation Common ACL Manager Algorithm
Notes on Common ACL Manager ACLs
Common ACLs
Common Permissions
Common Printstrings
Common Helpstrings
Common Access Determination Algorithm
Common Data Types and Constants for rdacl Interface
Common Data Types and Constants for RS Editors
Common Data Types and Constants for rs_bind
Common Data Types and Constants for rs_policy
Common Data Types and Constants for rs_pgo
Common Data Types and Constants for rs_acct
Common Data Types and Constants for rs_misc
Common Data Types and Constants for rs_attr
Common Data Types and Constants for rs_attr_schema
Common Data Types and Constants for rs_prop_acct
Common Data Types and Constants for rs_prop_acl
Common Data Types and Constants for rs_prop_attr
Common Data Types and Constants for rs_prop_attr_schema
Common Data Types and Constants for rs_prop_pgo
Common Data Types and Constants for rs_pwd_mgmt
Common Data Types and Constants for rs_repadm
Common Data Types and Constants for rs_replist
Common Data Types and Constants for rs_repmgr
Common Data Types and Constants for rs_unix
Common Data Types and Constants for the secidmap Interface
Common Data Types and Constants for Key Management
Common Data Types and Constants for scd Interface
common access determination algorithm (CADA)
Privilege (Authorisation) Service (PS)
common access determination algorithm,
Common Access Determination Algorithm
common access determination algorithm, CADA
The Common Access Determination Algorithm for Delegation
common ACL
Common ACLs
common ACL manager,
ACL Managers, Permissions, Access Determination Algorithms
common helpstring
Common Helpstrings
common permission
Common Permissions
common permission, bit position
rdacl_get_printstring()
common printstring
Common Printstrings
communication via RPC
DCE Security Model
communication, of twisted CRC
Cyclic Redundancy Checksums
communication, start of protection
Kerberos Key Distribution (Authentication) Service (KDS)
compatibility
Delegation Compatibility Modes
complete
The Complete Cross-cell Scenario
complex permission, bit position
rdacl_get_printstring()
complexity
Knowledge versus Belief; Trust
component, mapping from PGO name
ID Map Facility
components
Components of Delegation Model
composition
Composition Laws (Chaining Properties)
composition law of CRC
Cyclic Redundancy Checksums
composition laws
Composition Laws (Chaining Properties)
compress
Compress Message in 16-Word Chunks
Compress Message in 16-Word Chunks
compressed, transit path
Registered Transit Path Types
compression, of transit path
Registered Transit Path Types
compromised
Security Attributes: Authenticity, Integrity, Confidentiality
compromised
compromises of timestamp security
Integration with Time Services
computation, authorisation decision
ACL Managers, Permissions, Access Determination Algorithms
computational complexity
Knowledge versus Belief; Trust
computing
trusted computing base
computing entity,
Subjects and Objects, Privilege and Authorisation
concatenation
Sequences
concepts
Fundamental Concepts
concurrent group set
sec_rgy_pgo_flags_t
condition, on ACL
Common ACLs
confidence
Knowledge versus Belief; Trust
confidentiality
Security Attributes: Authenticity, Integrity, Confidentiality
CL Integrity and Confidentiality (PDU Verifiers and Bodies)
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
confidentiality
confidentiality,
Security Attributes: Authenticity, Integrity, Confidentiality
confidentiality, CL
CL Integrity and Confidentiality (PDU Verifiers and Bodies)
confidentiality, CO
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
confidentiality, protected by DES
Data Encryption Standard (DES)
confidentiality, protected by DES, not MD4/5
Message Digests 4 and 5 (MD4, MD5)
confounder
CBC Mode
Registered Checksum Types
Registered Encryption Types
conjunction,
Bitwise Operations and Rotations
connection-oriented, security
Security in the CO RPC Protocol
connection-oriented, verifier
What is Specified in this Chapter
connectionless, security
Security in the CL RPC Protocol
connectionless, verifier
What is Specified in this Chapter
constants
Common Data Types and Constants for rdacl Interface
Common Data Types and Constants for RS Editors
Common Data Types and Constants for rs_bind
Common Data Types and Constants for rs_policy
Common Data Types and Constants for rs_pgo
Common Data Types and Constants for rs_acct
Common Data Types and Constants for rs_misc
Common Data Types and Constants for rs_attr
Common Data Types and Constants for rs_attr_schema
Common Data Types and Constants for rs_prop_acct
Common Data Types and Constants for rs_prop_acl
Common Data Types and Constants for rs_prop_attr
Common Data Types and Constants for rs_prop_attr_schema
Common Data Types and Constants for rs_prop_pgo
Common Data Types and Constants for rs_pwd_mgmt
Common Data Types and Constants for rs_repadm
Common Data Types and Constants for rs_replist
Common Data Types and Constants for rs_repmgr
Common Data Types and Constants for rs_unix
Common Data Types and Constants for the secidmap Interface
Common Data Types and Constants for Key Management
Common Data Types and Constants for scd Interface
Data Types and Constants
Constants
constructed form
Key Distribution (Authentication) Services
consuming the transit path
Privilege (Authorisation) Service (PS)
container
container object
container object,
Object Types, ACL Types, and ACL Inheritance
containment of damage
Privilege (Authorisation) Service (PS)
contents
The sec_cred API for Abstracting EPAC Contents
context
current login context
network login context
context, at process start-up
Login Facility and Security Client Daemon (SCD)
context, login
Login Facility and Security Client Daemon (SCD)
context, of security-version UUID
Security-Version (Version 2) UUIDs
context, set for process at login
Login Facility and Security Client Daemon (SCD)
control
Access Control Lists (ACLs)
Access Control for the xattrschema Object
Access Control for Attribute Types
Access Control on Attributes with Triggers
Access Control Lists (ACLs)
Access Control List API
access control list (ACL)
control access, using ACLs
Access Control Lists (ACLs)
control permission
ACL Managers, Permissions, Access Determination Algorithms
Supported Permissions
Ticket Flags
flag, word, POSIX semantics
sec_acl_posix_semantics_t
flags
Attribute Type Flags
Ticket Flags
Authentication Header Flags
KDS Request Flags
Version 0 Token Flags
foreign
Local and Foreign Authorisation Identities
Groups Associated With a Foreign Cell
foreign ACLE type
ACL Entries and their Types
foreign authorisation, data type
Local and Foreign Authorisation Identities
foreign group, in PAC
Privilege Attribute Certificates (PACs)
foreign groups authorisation, data type
Groups Associated With a Foreign Cell
foreign groupsets authorisation, data type
Groups Associated With a Foreign Cell
foreign secondary group ID
Privilege (Authorisation) Service (PS)
FOREIGN_GROUP
ACL Entries and their Types
FOREIGN_GROUP, algorithm
GROUP_OBJ/GROUP/FOREIGN_GROUP Subalgorithm
FOREIGN_GROUP, limitation in common ACL
Common ACLs
FOREIGN_GROUP, supported by common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
FOREIGN_GROUP_DEL, algorithm
GROUP_OBJ_DEL/GROUP_DEL/FOREIGN_GROUP_DEL Subalgorithm
FOREIGN_GROUP_DELEG
ACL Entries and their Types
FOREIGN_OTHER
ACL Entries and their Types
FOREIGN_OTHER Subalgorithm
FOREIGN_OTHER, algorithm
FOREIGN_OTHER Subalgorithm
FOREIGN_OTHER, limitation in common ACL
Common ACLs
FOREIGN_OTHER, supported by common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
FOREIGN_OTHER_DEL
FOREIGN_OTHER_DEL Subalgorithm
FOREIGN_OTHER_DEL, algorithm
FOREIGN_OTHER_DEL Subalgorithm
FOREIGN_OTHER_DELEG
ACL Entries and their Types
FOREIGN_USER
ACL Entries and their Types
FOREIGN_USER, algorithm
USER/FOREIGN_USER Subalgorithm
FOREIGN_USER, limitation in common ACL
Common ACLs
FOREIGN_USER, supported by common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
FOREIGN_USER_DEL, algorithm
USER_DEL/FOREIGN_USER_DEL Subalgorithm
FOREIGN_USER_DELEG
ACL Entries and their Types
formalisation of security theory
Generalities on Security-The Architecture of Trust
format
Delegation Token (Version 0) Format
format, for displaying permission
rdacl_get_printstring()
format, of PAC
Privilege Attribute Certificates (PACs)
format, PAC (data type)
PAC Formats
formats
PAC Formats
formatting details,
Terminology, Notation, and Conventions
forward, combined with proxy
KDS (AS and TGS) Requests
forwardable, in AS response
KDS Server Receives AS Request and Sends AS Response
forwardable, in RS information
RS Information
forwardable, in TGS request
Client Sends TGS Request
forwardable, initialisation
Client Sends AS Request to KDS
forwardable, KDS request flag
KDS Request Flags
forwardable, ticket flag
Ticket Flags
FP
Initial Permutation (IP) and Final Permutation (FP)
frequency of changing password
Key Management Facility
freshness, of authenticator
Integration with Time Services
frontmatter
Frontmatter
full BER
Key Distribution (Authentication) Services
full name
sec_rgy_pgo_item_t
fullname permission
Supported Permissions
function
Delegation-Related Functions
EPAC Accessor Function API
Some Special Functions
Some Special Functions
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
EPAC Accessor Function (sec_cred) API
fundamental
Fundamental Concepts
further
Further Discussion of Certification
future work, solve multi-hop trust chain problem
Multi-Hop Trust Chains
G() (used in definition of MD4)
Some Special Functions
G() (used in definition of MD5)
Some Special Functions
G-name
Integration with Naming Services
gecos
sec_rgy_acct_user_t
generalities
Generalities on Security-The Architecture of Trust
generalities on security
Generalities on Security-The Architecture of Trust
generation of ticket
Privilege (Authorisation) Service (PS)
generation of weak keys
Keys to be Avoided
generator, of CRC
Cyclic Redundancy Checksums
generic permissions
Supported Permissions
genuine, received ticket
Client Receives AS Response
geographic dispersion
Distributed Security: Secrets and Cryptology
global
Global PGO Names
Global Group Name
Privilege (Authorisation) Service (PS)
Global Group Name, from Cell UUID and Group UUID
Privilege (Authorisation) Service (PS)
global KDS cross-registration
Multi-Hop Trust Chains
global PGO name
Global PGO Names
Global Principal Name, from Cell UUID and Principal UUID
Privilege (Authorisation) Service (PS)
global root
Registered Transit Path Types
global uniqueness
Security-Version (Version 2) UUIDs
glossary
Glossary
goal of security
Security Attributes: Authenticity, Integrity, Confidentiality
good password
sec_rgy_acct_user_flags_t
government, restriction on use of DES
Data Encryption Standard (DES)
grace period
(Reverse-)Authentication Header Processing
granting access
Subjects and Objects, Privilege and Authorisation
granting ticket
DCE Security Model
granularity of time
Timestamps, Microseconds, and Clock Skew
group
The Open Group
Open Group Publications
ACL Entries and their Types
group delegate
ACL Entries and their Types
group domain
Registration Service (RS) and RS Editors
sec_rgy_domain_t
group permission
Supported Permissions
group UUID,
Privilege (Authorisation) Service (PS)
group, ACL manager permission
RS Protected Objects and their ACL Manager Types
group, ACL manager type
ACL Manager Types Supported by the RS
group, ACL manager type UUID
RS Protected Objects and their ACL Manager Types
GROUP, algorithm
GROUP_OBJ/GROUP/FOREIGN_GROUP Subalgorithm
group, identity (data type)
sec_rgy_foreign_id_t
group, in account item
Accounts; rs_acct RPC interface
group, in PAC
Privilege Attribute Certificates (PACs)
GROUP, limitation in common ACL
Common ACLs
group, primary vs. secondary
Privilege (Authorisation) Service (PS)
group, separate namespace
PGO Items; rs_pgo RPC Interface
group, supported ACLE types
RS Protected Objects and their ACL Manager Types
GROUP, supported by common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
group-ID
ID Map Facility
group-name
ID Map Facility
Integration with Naming Services
GROUP_DEL, algorithm
GROUP_OBJ_DEL/GROUP_DEL/FOREIGN_GROUP_DEL Subalgorithm
GROUP_DELEG
ACL Entries and their Types
GROUP_OBJ
ACL Entries and their Types
GROUP_OBJ, algorithm
GROUP_OBJ/GROUP/FOREIGN_GROUP Subalgorithm
GROUP_OBJ, at most one
Common ACLs
GROUP_OBJ, optional in common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
GROUP_OBJ/GROUP/FOREIGN_GROUP
GROUP_OBJ/GROUP/FOREIGN_GROUP Subalgorithm
GROUP_OBJ_DEL, algorithm
GROUP_OBJ_DEL/GROUP_DEL/FOREIGN_GROUP_DEL Subalgorithm
GROUP_OBJ_DEL/GROUP_DEL/FOREIGN_GROUP_DEL
GROUP_OBJ_DEL/GROUP_DEL/FOREIGN_GROUP_DEL Subalgorithm
GROUP_OBJ_DELEG
ACL Entries and their Types
groups
Groups Associated With a Foreign Cell
guarantee, that SCD server is genuine
Further Discussion of Certification
guarantee, unique stringname
Principal Names
guessing password
Data Encryption Standard (DES)
Key Management Facility
H() (used in definition of MD4)
Some Special Functions
H() (used in definition of MD5)
Some Special Functions
hand-rolled pickle
(IDL/NDR) Pickles
handle
Handle for Privilege Attribute Data
handle, binding, annotating
Login Facility and Security Client Daemon (SCD)
Handle, for Privilege Attribute Data
Handle for Privilege Attribute Data
handle, protected, obtain
ACL Editors
handle, RPC binding
The krb5rpc RPC Interface
Identifying Protected Objects and ACLs
handle_t
RS Binding; rs_bind Interface and sec_rgy_bind API
hardware
Subjects and Objects, Privilege and Authorisation
hardware, basis of key security
Key Management Facility
hash
MD4
MD5
hash,
Message Digests 4 and 5 (MD4, MD5)
hash, CRC-32
CRC-32
header
Authentication Header Flags
Part of Reverse-authentication Header to be Encrypted
(Reverse-)Authentication Header Processing
Client Sends Authentication Header
Server Receives Authentication Header and Sends Reverse-Authentication Header
Client Receives Reverse-Authentication Header
Privilege (Reverse-)Authentication Header Processing
Client Sends Privilege Authentication Header
Server Receives Privilege Authentication Header and Sends Privilege Reverse-Authentication Header
Client Receives Privilege Reverse-Authentication Header
header, authentication (data type)
Authentication Headers
header, authentication, omitted
(Reverse-)Authentication Header Processing
header, authentication, processing
Privilege (Reverse-)Authentication Header Processing
header, client sends authentication
Client Sends Authentication Header
header, of PDU
What is Specified in this Chapter
header, of pickle
(IDL/NDR) Pickles
header, privilege authentication (data type)
Privilege Authentication Headers
header, privilege RA (data type)
Privilege Reverse-Authentication Headers
header, RA, client receives
Client Receives Reverse-Authentication Header
header, reverse authentication (data type)
Reverse-Authentication Headers
header, version number
(IDL/NDR) Pickles
headers
Authentication Headers
Reverse-Authentication Headers
Privilege Authentication Headers
Privilege Reverse-Authentication Headers
helpstring
ACL Managers, Permissions, Access Determination Algorithms
Printstrings and Helpstrings
helpstring
helpstring, and common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
helpstring, common
Common Helpstrings
helpstrings
Printstrings and Helpstrings
Common Helpstrings
hierarchy, of principals, groups and orgs
PGO Items; rs_pgo RPC Interface
hierarchy, organisational
Policy versus Service versus Mechanism
high-level ACL manipulation, not specified
ACL Editors
high-order bit, use of, in permission
rdacl_get_printstring()
hint, in secidmap interface
rsec_id_output_selector_t
home
home cell
home cell
Fundamental Concepts
home cell,
DCE Security Model
home directory
sec_rgy_acct_user_t
honouring a ticket, time constraints on
Integration with Time Services
hop, in RS information
RS Information
host
Host Addresses
Registered Host Address Types
host address, communications, not security
Host Addresses
host address, data type
Host Addresses
host address, registered
Registered Host Address Types
host principal name
PGO Items; rs_pgo RPC Interface
host-name, reserved account
Accounts; rs_acct RPC interface
host-name, reserved name
PGO Items; rs_pgo RPC Interface
host-name, versus other machine name
Login Facility and Security Client Daemon (SCD)
hot list, in RS information
RS Information
human understanding of security
Generalities on Security-The Architecture of Trust
human-friendly stringname, in PGO item
PGO Items; rs_pgo RPC Interface
human-readable
ACL Managers, Permissions, Access Determination Algorithms
I() (used in definition of MD5)
Some Special Functions
ID
ID Map Facility
ID Map Facility RPC Interface
ID Map API
ID map facility
ID Map Facility
ID map facility, bidirectional mapping
ID Map Facility
identifier, definitive
sec_rgy_pgo_item_t
identifier, of RPC transfer syntax
(IDL/NDR) Pickles
identifying
Identifying Protected Objects and ACLs
identities
Authorisation Identities
Local and Foreign Authorisation Identities
identity
Generalities on Security-The Architecture of Trust
Anonymous Identity
Anonymous Identity
identity, authorisation (data type)
Authorisation Identities
identity, authorisation, by PS
Privilege (Authorisation) Service (PS)
identity, certainty of
Security Attributes: Authenticity, Integrity, Confidentiality
identity, data type
sec_rgy_foreign_id_t
identity, establishing
DCE Security Model
identity, in AS response
Kerberos Key Distribution (Authentication) Service (KDS)
identity, in Kerberos protocol
Kerberos Key Distribution (Authentication) Service (KDS)
identity-based policy
Policy versus Service versus Mechanism
IDL, specifies pickles
(IDL/NDR) Pickles
IDL/NDR
(IDL/NDR) Pickles
idl_pkl_header_t,
(IDL/NDR) Pickles
ignorance of algorithm
Key-based Security: Kerckhoffs' Doctrine
illicit use of resources
Security Attributes: Authenticity, Integrity, Confidentiality
immediate
immediate target
impersonation
Login Facility and Security Client Daemon (SCD)
Delegation Controls
impersonation
implementation
Minimum Implementation Requirements
Implementation Variability Regarding Required Rights
implementation requirement
Minimum Implementation Requirements
implementation variability
Implementation Variability Regarding Required Rights
implementation variability, in header processing
(Reverse-)Authentication Header Processing
implementation, not constrained by pseudocode
Use of Pseudocode
import/export of DES
Data Encryption Standard (DES)
in
Compress Message in 16-Word Chunks
Compress Message in 16-Word Chunks
What is Specified in this Chapter
Security in the CL RPC Protocol
Security in the CO RPC Protocol
in_data
Conversation Manager in_data
in_data, CL
Conversation Manager in_data
indicator of position
sec_rgy_cursor_t
indirect trust
Untrusted Environments: A Priori Trust and Trust Chains
indirect trust chain
The Complete Cross-cell Scenario
infallibility, relative
Further Discussion of Certification
infinite privilege
Subjects and Objects, Privilege and Authorisation
information
Ordering Information
RS Information
RS Information
Replica Information
Extended ACLE Information
information, administration-level
sec_rgy_acct_admin_t
information, registry (RS)
RS Information
information, RS (data type)
RS Information
inheritance
Object Types, ACL Types, and ACL Inheritance
inheritance model
Supported Permissions
inheritance of ACLs
Object Types, ACL Types, and ACL Inheritance
inheritance rules, and common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
inheritance, of login context
Login Facility and Security Client Daemon (SCD)
init process, login context
Login Facility and Security Client Daemon (SCD)
init, use of sec_login API
Login Facility and Security Client Daemon (SCD)
initial
Initial Permutation (IP) and Final Permutation (FP)
initial ACL,
Object Types, ACL Types, and ACL Inheritance
initial container ACL,
Object Types, ACL Types, and ACL Inheritance
initial key
Tickets, Keys, and Cross-Registration
initial object ACL,
Object Types, ACL Types, and ACL Inheritance
initial permutation
Initial Permutation (IP) and Final Permutation (FP)
initial registration
DCE Security Model
initial ticket, issuing
Kerberos Key Distribution (Authentication) Service (KDS)
initialisation vector, DES
CBC Mode
initialisation vector, of CRC
Cyclic Redundancy Checksums
initialise
Initialise State Buffer and Trigonometric Vector
Initialise State Buffer and Trigonometric Vector
initialise permission
Supported Permissions
initiator
Subjects and Objects, Privilege and Authorisation
initiator
input
Input
Input/Output
insecure
Security Attributes: Authenticity, Integrity, Confidentiality
insecure
insert permission
ACL Managers, Permissions, Access Determination Algorithms
Supported Permissions
instance
attribute instance
instance, synonymous with server
RS Binding; rs_bind Interface and sec_rgy_bind API
integer
Integer Representations (Endianness)
integer, mapping to bit-sequence
Mapping Bit-Sequences to Integers
integer, mapping to byte-sequence
Mapping Byte-Sequences to Integers
integer, mapping to mixed bit/byte-sequence
Mapping Mixed Bit/Byte-Sequences to Integers
integers
Mapping Bit-Sequences to Integers
Mapping Byte-Sequences to Integers
Mapping Mixed Bit/Byte-Sequences to Integers
integration
Integration with Time Services
Integration with RPC Services
Integration with Naming Services
integration with time services
Integration with Time Services
integrator
integrator
integrity
Security Attributes: Authenticity, Integrity, Confidentiality
CL Integrity and Confidentiality (PDU Verifiers and Bodies)
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
integrity
integrity,
Security Attributes: Authenticity, Integrity, Confidentiality
integrity, built-in
Registered Encryption Types
integrity, CL
CL Integrity and Confidentiality (PDU Verifiers and Bodies)
integrity, CO
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
integrity, protected by DES
Data Encryption Standard (DES)
integrity, protected by DES-MD4/5
Message Digests 4 and 5 (MD4, MD5)
intended
Intended Audience
intentional request, of cross-cell referral ticket
Client Sends TGS Request
inter-cell coordination
DCE Security Model
interaction
Subjects and Objects, Privilege and Authorisation
intercell
Unknown Intercell Action Attribute
intercell_action
The intercell_action Algorithm
intercell_action, Algorithm
The intercell_action Algorithm
interchangeability, of CADA steps
Combined First and Second Steps
interests of client
rsec_id_output_selector_t
interface
RS Binding; rs_bind Interface and sec_rgy_bind API
Policy Item, Policies and Properties; rs_policy RPC Interface
PGO Items; rs_pgo RPC Interface
Accounts; rs_acct RPC interface
Miscellaneous; rs_misc RPC Interface
The krb5rpc RPC Interface
The rpriv RPC Interface
Extended PAC (EPAC) Interface
Interface UUID for ACLs
ACL Editor RPC Interface
The rdacl RPC Interface
Common Data Types and Constants for rdacl Interface
Interface UUID and Version Number for rdacl Interface
The rs_bind RPC Interface
Interface UUID and Version Number for rs_bind
The rs_policy RPC Interface
Interface UUID and Version Number for rs_policy
The rs_pgo RPC Interface
Interface UUID and Version Number for rs_pgo
The rs_acct RPC Interface
Interface UUID and Version Number for rs_acct
The rs_misc RPC Interface
Interface UUID and Version Number for rs_misc
The rs_attr RPC Interface
Interface UUID for rs_attr
The rs_attr_schema RPC Interface
Interface UUID for rs_attr_schema
The rs_prop_acct RPC Interface
Interface UUID and Version Number for rs_prop_acct
The rs_prop_acl RPC Interface
Interface UUID and Version Number for rs_prop_acl
The rs_prop_attr RPC Interface
Interface UUID and Version Number for rs_prop_attr
The rs_prop_attr_schema RPC Interface
Interface UUID and Version Number for rs_prop_attr_schema
The rs_prop_pgo RPC Interface
Interface UUID and Version Number for rs_prop_pgo
The rs_prop_plcy RPC Interface
Interface UUID and Version Number for rs_prop_plcy
The rs_prop_replist RPC Interface
Interface UUID and Version Number for rs_prop_replist
The rs_pwd_mgmt RPC Interface
Interface UUID and Version Number for rs_pwd_mgmt
The rs_qry RPC Interface
Interface UUID and Version Number for rs_qry
The rs_repadm RPC Interface
Interface UUID and Version Number for rs_repadm
The rs_replist RPC Interface
Interface UUID and Version Number for rs_replist
The rs_repmgr RPC Interface
Interface UUID and Version Number for rs_repmgr
The rs_rpladmn RPC Interface
Interface UUID and Version Number for rs_rpladmn
The rs_unix RPC Interface
Interface UUID and Version Number for rs_unix
The rs_update RPC Interface
Interface UUID and Version Number for rs_update
ID Map Facility RPC Interface
The secidmap RPC Interface
Common Data Types and Constants for the secidmap Interface
Interface UUID and Version Number for the secidmap Interface
Key Management Facility RPC Interface
The Key Management RPC Interface
Login Facility and Security Client Daemon (SCD) RPC Interface
The scd RPC Interface
Common Data Types and Constants for scd Interface
Interface UUID and Version Number for scd Interface
Security Application Programming Interface
interface UUID, ACLs
Interface UUID for ACLs
interface UUID, rs_acct
Interface UUID and Version Number for rs_acct
interface UUID, rs_attr
Interface UUID for rs_attr
interface UUID, rs_attr_schema
Interface UUID for rs_attr_schema
interface UUID, rs_bind
Interface UUID and Version Number for rs_bind
interface UUID, rs_misc
Interface UUID and Version Number for rs_misc
interface UUID, rs_pgo
Interface UUID and Version Number for rs_pgo
interface UUID, rs_policy
Interface UUID and Version Number for rs_policy
interface UUID, rs_prop_acct
Interface UUID and Version Number for rs_prop_acct
interface UUID, rs_prop_acl
Interface UUID and Version Number for rs_prop_acl
interface UUID, rs_prop_attr
Interface UUID and Version Number for rs_prop_attr
interface UUID, rs_prop_attr_schema
Interface UUID and Version Number for rs_prop_attr_schema
interface UUID, rs_prop_pgo
Interface UUID and Version Number for rs_prop_pgo
interface UUID, rs_prop_plcy
Interface UUID and Version Number for rs_prop_plcy
interface UUID, rs_prop_replist
Interface UUID and Version Number for rs_prop_replist
interface UUID, rs_pwd_mgmt
Interface UUID and Version Number for rs_pwd_mgmt
interface UUID, rs_qry
Interface UUID and Version Number for rs_qry
interface UUID, rs_repadm
Interface UUID and Version Number for rs_repadm
interface UUID, rs_replist
Interface UUID and Version Number for rs_replist
interface UUID, rs_repmgr
Interface UUID and Version Number for rs_repmgr
interface UUID, rs_rpladmn
Interface UUID and Version Number for rs_rpladmn
interface UUID, rs_unix
Interface UUID and Version Number for rs_unix
interface UUID, rs_update
Interface UUID and Version Number for rs_update
interface UUID, scd
Interface UUID and Version Number for scd Interface
interface UUID, secidmap
Interface UUID and Version Number for the secidmap Interface
interface, administrative
DCE Security Model
interface, RPC
The krb5rpc RPC Interface
Interface, rpriv
The rpriv RPC Interface
Interface, sec_id_epac_base
Extended PAC (EPAC) Interface
interfaces
Remote Interfaces
User Interfaces
RS Editor RPC Interfaces
intermediary
Subjects and Objects, Privilege and Authorisation
Intermediary Subalgorithms
intermediary
intermediate
intermediate service
intermediate cell in trust chain
The Complete Cross-cell Scenario
Internet host name, versus host-name
Login Facility and Security Client Daemon (SCD)
Internet, DNS name type
Registered Syntaxes for Cell Names
Internet, registered address type
Registered Host Address Types
interpret, ticket
Part of Ticket to be Encrypted
interval, data type
sec_timeval_period_t
introduction, replication and propagation
DCE Security Replication and Propagation
introduction, security services
Introduction to Security Services
intuitive model
Generalities on Security-The Architecture of Trust
invalid, ticket flag
Ticket Flags
inverse initial permutation
Initial Permutation (IP) and Final Permutation (FP)
invisible, password
sec_rgy_properties_flags_t
IP
Initial Permutation (IP) and Final Permutation (FP)
irreducible generator
Cyclic Redundancy Checksums
is
What is Specified in this Chapter
ISO 8859-1
Registered Password-to-Key Mappings
ISO, registered address type
Registered Host Address Types
issues
Versions and Issues of Specifications
issuing cell TCB
Tickets, Keys, and Cross-Registration
issuing credential
Privilege (Authorisation) Service (PS)
issuing initial ticket
Kerberos Key Distribution (Authentication) Service (KDS)
item
Policy Item, Policies and Properties; rs_policy RPC Interface
item
item,
Registration Service (RS) and RS Editors
item, policy
Registration Service (RS) and RS Editors
items
PGO Items; rs_pgo RPC Interface
iteration
Cursor for Delegate Iteration
Cursor for Extended Attribute Iteration
junction, namespace
ACL Editors
KDC (RFC 1510)
Key Distribution (Authentication) Services
KDS
Kerberos Key Distribution (Authentication) Service (KDS)
KDS (AS and TGS) Requests
KDS Request Body
KDS Request Flags
KDS (AS and TGS) Responses
Part of KDS Response to be Encrypted
KDS Errors
Client Sends AS Request to KDS
KDS Server Receives AS Request and Sends AS Response
KDS Server Receives TGS Request and Sends TGS Response
KDS Error Processing
TGS Request/Response Processing (By KDS)
KDS request, data type
KDS (AS and TGS) Requests
KDS server, must be principal
Tickets, Keys, and Cross-Registration
KDS,
Kerberos Key Distribution (Authentication) Service (KDS)
Key Distribution (Authentication) Services
KDS, as registry client
Registration Service (RS) and RS Editors
KDS, at least one per cell
Cells-Cross-cell Authentication and Authorisation
KDS, basis of name-based authorisation
Name-based versus PAC-based Authorisation
KDS, counterfeit
Client Receives AS Response
KDS, error (data type)
KDS Errors
KDS, error message
AS and TGS Services
KDS, error processing
KDS Error Processing
KDS, invoked only indirectly
Kerberos Key Distribution (Authentication) Service (KDS)
KDS, knowledge of foreign servers
Multi-Hop Trust Chains
KDS, password irrelevant to
Passwords
KDS, request body (data type)
KDS Request Body
KDS, request flag (data type)
KDS Request Flags
KDS, response (data type)
KDS (AS and TGS) Responses
KDS, response, encrypted part
Part of KDS Response to be Encrypted
KDS, server receives TGS request
KDS Server Receives TGS Request and Sends TGS Response
KDS, TGS request/response processing
TGS Request/Response Processing (By KDS)
KDS, ticket obtained at login
Login Facility and Security Client Daemon (SCD)
KDS, two services
AS and TGS Services
KDS, use of protected RPC
Protected RPC
kds_request(), overview
Kerberos Key Distribution (Authentication) Service (KDS)
kerberos
Kerberos Key Distribution (Authentication) Service (KDS)
Kerberos,
Kerberos Key Distribution (Authentication) Service (KDS)
Key Distribution (Authentication) Services
Kerberos, and use of most recent key
sec_passwd_version_t
Kerberos, maximum ticket lifetime
sec_rgy_plcy_auth_t
Kerberos, outline of protocol
Kerberos Key Distribution (Authentication) Service (KDS)
Kerberos, registered service
Registered Authentication Services
Kerberos, unregisterable data
PS Server Receives PTGS Request and Sends PTGS Response
kerckhoffs
Key-based Security: Kerckhoffs' Doctrine
kerckhoffs'
Kerckhoffs' Doctrine
Kerckhoffs', doctrine
Key-based Security: Kerckhoffs' Doctrine
key
Kerberos Key Distribution (Authentication) Service (KDS)
Key Management Facility
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
Key Distribution (Authentication) Services
Registered Encryption Key Types
Key Management Facility RPC Interface
The Key Management RPC Interface
Common Data Types and Constants for Key Management
Key Management API
key
derived key
strong key
key management facility
key distribution service (KDS),
Kerberos Key Distribution (Authentication) Service (KDS)
key distribution service,
Key Distribution (Authentication) Services
key management facility,
Key Management Facility
key management, no special RPC interfaces
The Key Management RPC Interface
key schedule
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
key type
Key Management Facility
key version number, presence/absence of
Encrypted Data
key,
Key-based Security: Kerckhoffs' Doctrine
key, deletion of
Key Management Facility
key, DES
Data Encryption Standard (DES)
Basic DES
key, DES (data type)
sec_passwd_des_key_t
key, distributed by KDS
Kerberos Key Distribution (Authentication) Service (KDS)
key, distribution service
DCE Security Model
key, encryption (data type)
Encryption Keys
key, exactly one per account
sec_passwd_version_t
key, frequency of changes
Key Management Facility
key, in AS response
Kerberos Key Distribution (Authentication) Service (KDS)
key, in Kerberos protocol
Kerberos Key Distribution (Authentication) Service (KDS)
key, in TGS response
Kerberos Key Distribution (Authentication) Service (KDS)
key, limit on duration of validity
Integration with Time Services
key, long-term
Key Management Facility
key, long-term, retrieval
KDS Server Receives AS Request and Sends AS Response
key, long-term/short-term
Tickets, Keys, and Cross-Registration
key, lookup, in PGO item
PGO Items; rs_pgo RPC Interface
key, management
Key-based Security: Kerckhoffs' Doctrine
key, mapping to password, registered
Registered Password-to-Key Mappings
key, MD4 does not depend on
Message Digests 4 and 5 (MD4, MD5)
key, MD5 does not depend on
Message Digests 4 and 5 (MD4, MD5)
key, most recent
sec_passwd_version_t
key, possibly-weak
Possibly Weak Keys
key, query, type
rs_pgo_query_t
key, safe lifetime
Integration with Time Services
key, search attack
Data Encryption Standard (DES)
key, semi-weak
Semi-Weak Keys
key, session
Kerberos Key Distribution (Authentication) Service (KDS)
Tickets, Keys, and Cross-Registration
key, session/conversation
DCE Security Model
key, to be avoided
Keys to be Avoided
key, true session
DCE Security Model
key, type, in RS information
RS Information
key, version number
sec_key_version_t
key, weak
Weak Keys
key-based
Key-based Security: Kerckhoffs' Doctrine
key_seq_num
Conversation Manager out_data
keying information
rs_acct_key_transmit_t
keys
Keys to be Avoided
Weak Keys
Semi-Weak Keys
Possibly Weak Keys
Tickets, Keys, and Cross-Registration
Encryption Keys
knowledge
Knowledge versus Belief; Trust
knowledge of foreign KDS servers
Multi-Hop Trust Chains
knowledge,
Knowledge versus Belief; Trust
krb5rpc
The krb5rpc RPC Interface
krb5rpc identity, element of cell-profile node
Binding to TCB Servers
krb5rpc, metadata explicit in
Integration with RPC Services
krb5tgt, reserved account
Accounts; rs_acct RPC interface
krb5tgt, reserved name
PGO Items; rs_pgo RPC Interface
krbtgt
Registered RS Name Types
KS
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
language, natural
Key Distribution (Authentication) Services
LAS+TGS,
Kerberos Key Distribution (Authentication) Service (KDS)
last
Last Requests
Registered Last Request Types
last request, data type
Last Requests
last request, in RS information
RS Information
last request, in TGS response
Client Receives TGS Response
last request, inspection
Client Receives AS Response
last request, registered
Registered Last Request Types
later, end of time timestamp
Timestamps, Microseconds, and Clock Skew
later, in comparing timestamps
Timestamps, Microseconds, and Clock Skew
laws
Composition Laws (Chaining Properties)
laws, composition
Composition Laws (Chaining Properties)
least privilege
Authenticators
least-significant byte (LSB),
Mapping Byte-Sequences to Integers
left
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
left shift, in DES
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
left shift/rotate
Bitwise Operations and Rotations
legal ACL
Common ACLs
length
Append Length
Append Length
length, of pickle
(IDL/NDR) Pickles
length, password
sec_rgy_plcy_t
lifetime timestamp
Kerberos Key Distribution (Authentication) Service (KDS)
lifetime, account
sec_rgy_plcy_t
lifetime, in AS request
Kerberos Key Distribution (Authentication) Service (KDS)
lifetime, in registry property
Policy Item, Policies and Properties; rs_policy RPC Interface
lifetime, of key in DES
Integration with Time Services
lifetime, of ticket
Kerberos Key Distribution (Authentication) Service (KDS)
lifetime, password
sec_rgy_plcy_t
lifetime, renewable
sec_rgy_plcy_auth_t
lifetime, ticket
sec_rgy_plcy_auth_t
lifetime, ticket, in RS information
RS Information
link, in trust chain
Distributed Security: Secrets and Cryptology
linking
Linking EPAC Sets to Tickets
links of chains
CBC Mode
list
List of Seals
Replica List
Replica List Entries
Access Control List API
Error Code Mapping List
access control list (ACL)
list of UUIDs
Privilege (Authorisation) Service (PS)
list, access control (ACL),
Access Control Lists (ACLs)
list, of pointers to ACL
sec_acl_list_t
lists
Access Control Lists (ACLs)
Access Control Lists (ACLs)
literature, current
Generalities on Security-The Architecture of Trust
little-endian,
Integer Representations (Endianness)
Mapping Bit-Sequences to Integers
local
Local and Foreign Authorisation Identities
local ACLE type
ACL Entries and their Types
local authorisation, vs. foreign
Local and Foreign Authorisation Identities
local cell UUID,
Privilege (Authorisation) Service (PS)
local group, in groupset
Groups Associated With a Foreign Cell
local group, in PAC
Privilege Attribute Certificates (PACs)
local ID
sec_rgy_pgo_item_t
local ID, account (data type)
sec_rgy_unix_sid_t
local ID, lookup by
rs_pgo_unix_num_key_t
local key store, management of keys in
Key Management Facility
local password, data type
sec_rgy_unix_passwd_buf_t
locate
Locate a Security Server
lock,
Key-based Security: Kerckhoffs' Doctrine
locking, semantics not specified
ACL Editors
logical security,
Distributed Security: Secrets and Cryptology
login
DCE Security Model
Accounts; rs_acct RPC interface
Login Facility and Security Client Daemon (SCD)
Extended Login and Password Management Overview
Login Denial
Login Facility and Security Client Daemon (SCD) RPC Interface
Login API
validated login
login context, non-interactive basis
Login Facility and Security Client Daemon (SCD)
Login Denial
The Timestamps (AS + TGS) Protocol
Server Side
Environmental Parameters and Registry Attributes
Login Denial, Client Overview
Client
Login Denial, Overview
Login Denial
Login Denial, Server Overview
Server
login facility,
Login Facility and Security Client Daemon (SCD)
Login Functions, for delegation
Delegation-Related Functions
login name, equals account name
Accounts; rs_acct RPC interface
login program,
Login Facility and Security Client Daemon (SCD)
login request protocol
Pre-Authentication and Obtaining a TGT
login response protocol
Pre-Authentication and Obtaining a TGT
login shell
sec_rgy_acct_user_t
login, availability of characters
Minimum Implementation Requirements
login_set
login_set ERA
login_set
long
sec_rgy_name_t-Short and Long PGO Names
long PGO name
sec_rgy_name_t-Short and Long PGO Names
long-term key
Tickets, Keys, and Cross-Registration
long-term key, in RS information
RS Information
long-term key, one per account
Key Management Facility
long-term key, retrieval
KDS Server Receives AS Request and Sends AS Response
longword,
Bits, Bytes, Words, and so on
lookup by local ID
rs_pgo_unix_num_key_t
lookup by UUID
rs_pgo_id_key_t
lookup key, data type
rs_pgo_query_key_t
lookup, result
rs_pgo_result_t
lost, information in PTGS request
PTGS Requests
low-order bit, use of, in permission
rdacl_get_printstring()
LS
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
LSB,
Mapping Byte-Sequences to Integers
<dce/acct.h>
<dce/acct.h>
<dce/aclbase.h>
<dce/aclbase.h>
<dce/binding.h>
<dce/binding.h>
<dce/keymgmt.h>
<dce/keymgmt.h>
<dce/misc.h>
<dce/misc.h>
<dce/pgo.h>
<dce/pgo.h>
<dce/policy.h>
<dce/policy.h>
<dce/rgynbase.h>
<dce/rgynbase.h>
<dce/sec_login.h>
<dce/sec_login.h>
<dce/sec_rgy_attr.h>
<dce/sec_rgy_attr.h>
<dce/sec_rgy_attr_sch.h>
<dce/sec_rgy_attr_sch.h>
<dce/secidmap.h>
<dce/secidmap.h>
machine name, versus host-name
Login Facility and Security Client Daemon (SCD)
machine principal name
PGO Items; rs_pgo RPC Interface
management
Key Management Facility
Extended Login and Password Management Overview
Password Management
Password Management
Key Management Facility RPC Interface
The Key Management RPC Interface
Common Data Types and Constants for Key Management
Key Management API
key management facility
management information permission
Supported Permissions
manager
Common ACL Manager Algorithm
Delegation Common ACL Manager Algorithm
Notes on Common ACL Manager ACLs
ACL Manager Types Supported by the RS
CL Establishment of Credentials (Conversation Manager)
Conversation Manager in_data
Conversation Manager out_data
RS Protected Objects and their ACL Manager Types
ACL manager
manager, ACL,
ACL Managers, Permissions, Access Determination Algorithms
ACL Managers
managers
ACL Managers, Permissions, Access Determination Algorithms
Multiple ACLs and ACL Managers
ACL Managers
managing keys
Key-based Security: Kerckhoffs' Doctrine
mandatory policy
Policy versus Service versus Mechanism
manipulated old ticket
KDS (AS and TGS) Requests
Client Sends TGS Request
map
ID Map Facility
ID Map Facility RPC Interface
ID Map API
map, endpoint
ACL Editors
map, password to cryptographic key
Login Facility and Security Client Daemon (SCD)
mapping
Mapping Bit-Sequences to Integers
Mapping Byte-Sequences to Integers
Mapping Mixed Bit/Byte-Sequences to Integers
Symbol Mapping Table
Error Code Mapping List
mapping, password-to-key, registered
Registered Password-to-Key Mappings
mappings
Registered Password-to-Key Mappings
marshall, pickle
(IDL/NDR) Pickles
mask ACLE type
ACL Entries and their Types
MASK_OBJ
ACL Entries and their Types
MASK_OBJ, and sec_acl_calc_mask()
ACL Editors
MASK_OBJ, at most one
Common ACLs
MASK_OBJ, optional in common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
masking step in CADA
Common ACL Manager Algorithm
masking step in DADA
Delegation Common ACL Manager Algorithm
masquerade
DCE Security Model
master
The Master Replica
Master Change
master replica
The Master Replica
master/slave RS server
RS Binding; rs_bind Interface and sec_rgy_bind API
matching
Second Step: Matching
matching step in CADA
Common ACL Manager Algorithm
matching step in DADA
Delegation Common ACL Manager Algorithm
mathematical probability
Knowledge versus Belief; Trust
matrix, access
Subjects and Objects, Privilege and Authorisation
max_invalid_attempts
max_invalid_attempts ERA
maxClockSkew
Maximum Allowable Clock Skew
maximum
Maximum Allowable Clock Skew
maximum clock skew
Maximum Allowable Clock Skew
maximum clock skew, in RS information
RS Information
maximum ticket lifetime
sec_rgy_plcy_auth_t
MD4
Message Digests 4 and 5 (MD4, MD5)
Checksum Mechanisms
MD4
MD4,
Message Digests 4 and 5 (MD4, MD5)
MD4
MD4, no raw interface
Message Digests 4 and 5 (MD4, MD5)
MD5
Message Digests 4 and 5 (MD4, MD5)
Checksum Mechanisms
MD5
MD5,
Message Digests 4 and 5 (MD4, MD5)
MD5
MD5, no raw interface
Message Digests 4 and 5 (MD4, MD5)
MD5, usage to ensure integrity
Protected RPC
mechanism
Policy versus Service versus Mechanism
mechanism,
Policy versus Service versus Mechanism
mechanisms
Checksum Mechanisms
Encryption/Decryption Mechanisms
mediation, of trust link across cells
Cells-Cross-cell Authentication and Authorisation
member of group,
Registration Service (RS) and RS Editors
membership permission
Supported Permissions
memorisation of password
Key Management Facility
memory, inability to allocate
The krb5rpc RPC Interface
message
Message Digests 4 and 5 (MD4, MD5)
Compress Message in 16-Word Chunks
Compress Message in 16-Word Chunks
Protocol Message Types
Registered Protocol Message Types
message
Message Digest 5 (MD5),
Message Digests 4 and 5 (MD4, MD5)
message digest, produced by MD4
MD4
message digest, produced by MD5
MD5
message identity code (MIC),
Message Digests 4 and 5 (MD4, MD5)
message type, data type
Protocol Message Types
message type, in KDS Error message
KDS Error Processing
message,
Encoding/Decoding and Encryption/Decryption of Messages
message, KDS Error
AS and TGS Services
message, notation
Kerberos Key Distribution (Authentication) Service (KDS)
messages
Encoding/Decoding and Encryption/Decryption of Messages
metacharacter, escaping
Registered Transit Path Types
metacharacter, in cell name
Cell Names
metacharacter, in transit path
Registered Transit Path Types
metadata
DCE Security Model
ACL Editors
metadata, pickle header
(IDL/NDR) Pickles
metadata, tickets and authenticators
Integration with RPC Services
metaticket,
Kerberos Key Distribution (Authentication) Service (KDS)
MIC,
Message Digests 4 and 5 (MD4, MD5)
microsecond timestamp
Timestamps, Microseconds, and Clock Skew
microsecond timestamp, alternative implementation
Timestamps, Microseconds, and Clock Skew
microsecond, checked by KDS server
KDS Server Receives TGS Request and Sends TGS Response
microsecond, in KDS Error message
KDS Error Processing
microseconds
Timestamps, Microseconds, and Clock Skew
minimum
Minimum Implementation Requirements
minimum implementation requirement
Minimum Implementation Requirements
minimum number of octets
Key Distribution (Authentication) Services
minimum_password_cycle_time
minimum_password_cycle_time ERA
mirrored RS server
RS Binding; rs_bind Interface and sec_rgy_bind API
miscellaneous
Miscellaneous; rs_misc RPC Interface
Miscellaneous Routines Needed for DCE Security
misuse of resources
Security Attributes: Authenticity, Integrity, Confidentiality
mix-in string
Registered Password-to-Key Mappings
mixed
Mapping Mixed Bit/Byte-Sequences to Integers
mixed bit/byte-sequence, mapping to integer
Mapping Mixed Bit/Byte-Sequences to Integers
mode
CBC Mode
Details of CBC Mode Algorithm
mode, access
Subjects and Objects, Privilege and Authorisation
model
DCE Security Model
DCE Delegation Model
Overview of Delegation Model
Components of Delegation Model
model of security,
DCE Security Model
model, extend to multi-cell case
Cells-Cross-cell Authentication and Authorisation
model, extension of
ACL Editors
model, federated naming
ACL Editors
model, inheritance
Supported Permissions
model, programming, RPC
Protected RPC
model, RPC binding
RPC Binding Models
model, shape, trusted
RS Information
models
RPC Binding Models
models, academic
Generalities on Security-The Architecture of Trust
modes
Delegation Compatibility Modes
modification, date/time
rs_cache_data_t
modular
Modular Arithmetic
modular arithmetic
Modular Arithmetic
monitor
reference monitor
monitor, reference
Untrusted Environments: A Priori Trust and Trust Chains
most recent key
sec_passwd_version_t
most-significant byte (MSB),
Mapping Byte-Sequences to Integers
MSB,
Mapping Byte-Sequences to Integers
multi-cell TCB
DCE Security Model
Cells-Cross-cell Authentication and Authorisation
Multi-Hop
Multi-Hop Trust Chains
multi-hop trust chain
Multi-Hop Trust Chains
multi-prong
multi-prong attack
multi-prong attack
Further Discussion of Certification
multi-valued
multi-valued attribute
multiple
Multiple ACLs and ACL Managers
multiple ACLs,
Multiple ACLs and ACL Managers
multiple UUIDs
Privilege (Authorisation) Service (PS)
mutual authentication
DCE Security Model
Server Receives Authentication Header and Sends Reverse-Authentication Header
mutual authentication, checked by KDS server
KDS Server Receives TGS Request and Sends TGS Response
mutual authentication, future work
ACL Editors
mutual authentication, in TGS request
Client Sends TGS Request
mutual authentication, of TGS service
TGS Request/Response Processing
mutual required
Authentication Header Flags
mutual trust
Cells-Cross-cell Authentication and Authorisation
n-tuple
Sequences
name permission
Supported Permissions
name, data type
sec_rgy_member_t
name, full
sec_rgy_pgo_item_t
name, global PGO
Global PGO Names
name, mapping by ID map facility
ID Map Facility
name, of account
Accounts; rs_acct RPC interface
name, of cell (data type)
Cell Names
name, principal (data type)
Principal Names
name, reserved
PGO Items; rs_pgo RPC Interface
name, RS (data type)
RS Names
name-based
Name-based versus PAC-based Authorisation
Name-Based Authorisation
name-based authorisation
name-based authorisation
Name-based versus PAC-based Authorisation
Name-Based Authorisation
name-based group, not supported
Name-based versus PAC-based Authorisation
named client
Kerberos Key Distribution (Authentication) Service (KDS)
Tickets, Keys, and Cross-Registration
named client, in privilege ticket
Privilege (Authorisation) Service (PS)
names
Cell Names
Registered Syntaxes for Cell Names
RS Names
Principal Names
sec_rgy_name_t-Short and Long PGO Names
Global PGO Names
namespace junction
ACL Editors
namespace, separate
PGO Items; rs_pgo RPC Interface
NAMETYPE
Registered Syntaxes for Cell Names
naming
Integration with Naming Services
naming domain
sec_rgy_name_t-Short and Long PGO Names
naming domain, data type
sec_rgy_domain_t
naming model, extension of
ACL Editors
naming services, integration with security
Integration with Naming Services
naming syntax, CDS
sec_rgy_name_t-Short and Long PGO Names
natural language
Key Distribution (Authentication) Services
NDR format label
(IDL/NDR) Pickles
NDR, encoding/marshalling of pickles
(IDL/NDR) Pickles
NDR, not used in pickle fields
(IDL/NDR) Pickles
needed
Miscellaneous Routines Needed for DCE Security
negation, boolean,
Bitwise Operations and Rotations
negotiation, in RS information
RS Information
negotiation, of conversation key
Kerberos Key Distribution (Authentication) Service (KDS)
network
network login context
network TCB
network delay
Maximum Allowable Clock Skew
network identity information, mapped at login
Login Facility and Security Client Daemon (SCD)
network login context
Login Facility and Security Client Daemon (SCD)
network TCB,
DCE Security Model
network, compromise
Key-based Security: Kerckhoffs' Doctrine
new ticket
KDS (AS and TGS) Requests
newly issued ticket
Client Sends TGS Request
next hop, in RS information
RS Information
nibble, not used in this specification
Bits, Bytes, Words, and so on
no-op
scd_protected_noop()
no-op, protected
Delegation-Related Functions
node, RPC cell profile
Binding to TCB Servers
nominate client,
Privilege (Authorisation) Service (PS)
nominated client
Privilege-Tickets
non-alphabetic, required in password
sec_rgy_plcy_pwd_flags_t
non-cryptographic checksum
Checksum Mechanisms
non-empty, header and body of pickle
(IDL/NDR) Pickles
non-interactive subject, and key management facility
Key Management Facility
Non-Intermediary
Non-Intermediary Subalgorithms
non-invertible digest
MD4
MD5
non-linearity of DES
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
nonce, as challenge
Conversation Manager in_data
nonce, checking
Client Receives AS Response
nonce, data type
Nonces
nonce, in AS request
Kerberos Key Distribution (Authentication) Service (KDS)
nonce, in TGS request
Client Sends TGS Request
nonce, in TGS response
Client Receives TGS Response
nonce, initialisation
Client Sends AS Request to KDS
nonces
Nonces
none, reserved group name
PGO Items; rs_pgo RPC Interface
none, reserved organisation name
PGO Items; rs_pgo RPC Interface
normal form, bytes of DES key
Basic DES
not,
Bitwise Operations and Rotations
notation
Kerberos Key Distribution (Authentication) Service (KDS)
Terminology, Notation, and Conventions
notation,
Terminology, Notation, and Conventions
notation, for CBC encryption/decryption
CBC Mode
notation, for decryption
Basic DES
notation, for encryption
Basic DES
notes
Notes on Common ACL Manager ACLs
number
Interface UUID and Version Number for rdacl Interface
Interface UUID and Version Number for rs_bind
Interface UUID and Version Number for rs_policy
Interface UUID and Version Number for rs_pgo
Interface UUID and Version Number for rs_acct
Interface UUID and Version Number for rs_misc
Interface UUID and Version Number for rs_prop_acct
Interface UUID and Version Number for rs_prop_acl
Interface UUID and Version Number for rs_prop_attr
Interface UUID and Version Number for rs_prop_attr_schema
Interface UUID and Version Number for rs_prop_pgo
Interface UUID and Version Number for rs_prop_plcy
Interface UUID and Version Number for rs_prop_replist
Interface UUID and Version Number for rs_pwd_mgmt
Interface UUID and Version Number for rs_qry
Interface UUID and Version Number for rs_repadm
Interface UUID and Version Number for rs_replist
Interface UUID and Version Number for rs_repmgr
Interface UUID and Version Number for rs_rpladmn
Interface UUID and Version Number for rs_unix
Interface UUID and Version Number for rs_update
Interface UUID and Version Number for the secidmap Interface
Interface UUID and Version Number for scd Interface
number, random (data type)
Random Numbers
number, sequence (data type)
Sequence Numbers
numbers
Protocol Version Numbers
Registered Protocol Version Numbers
Sequence Numbers
Random Numbers
numerical rotation
Bitwise Operations and Rotations
numerical rotation,
Bitwise Operations and Rotations
O-name
Integration with Naming Services
object
Object Types, ACL Types, and ACL Inheritance
Access Control for the xattrschema Object
container object
object
policy object
registry object
schema object
simple object
object ACL,
Object Types, ACL Types, and ACL Inheritance
object,
Subjects and Objects, Privilege and Authorisation
Object Types, ACL Types, and ACL Inheritance
object, control of access to
Access Control Lists (ACLs)
object, group
Registration Service (RS) and RS Editors
object, identity of
ACL Editors
object, organisation
Registration Service (RS) and RS Editors
object, principal
Registration Service (RS) and RS Editors
object, protected
The rdacl RPC Interface
Identifying Protected Objects and ACLs
object, underlying
ACL Editors
object, uniqueness of identification
Identifying Protected Objects and ACLs
objective criterion of belief
Knowledge versus Belief; Trust
objects
Subjects and Objects, Privilege and Authorisation
Identifying Protected Objects and ACLs
RS Protected Objects and their ACL Manager Types
obscurity
Key-based Security: Kerckhoffs' Doctrine
obtaining
Pre-Authentication and Obtaining a TGT
odd parity
Basic DES
old ticket, manipulated
KDS (AS and TGS) Requests
one-way authentication in sec_acl
ACL Editors
opaque pointer, login context as
Login Facility and Security Client Daemon (SCD)
opaque RPC transport
Integration with RPC Services
opaque, cell name
Cell Names
open
The Open Group
Open Group Publications
operating system
Subjects and Objects, Privilege and Authorisation
operating system, basis of key security
Key Management Facility
operation, on bit-sequences
Bitwise Operations and Rotations
operations
Bitwise Operations and Rotations
opinion
Knowledge versus Belief; Trust
optimisation
Kerberos Key Distribution (Authentication) Service (KDS)
option
The use-session-key Option
optional
Optional and Required Restrictions
OR,
Bitwise Operations and Rotations
order of reporting errors
Key Distribution (Authentication) Services
ordering
Ordering Information
org-name
Integration with Naming Services
organisation domain
Registration Service (RS) and RS Editors
sec_rgy_domain_t
organisation, ACL manager permission
RS Protected Objects and their ACL Manager Types
organisation, ACL manager type
ACL Manager Types Supported by the RS
organisation, ACL manager type UUID
RS Protected Objects and their ACL Manager Types
organisation, identity (data type)
sec_rgy_foreign_id_t
organisation, in account item
Accounts; rs_acct RPC interface
organisation, policy information
sec_rgy_plcy_t
organisation, separate namespace
PGO Items; rs_pgo RPC Interface
organisation, supported ACLE types
RS Protected Objects and their ACL Manager Types
organization-ID
ID Map Facility
organization-name
ID Map Facility
original RPC
CL Establishment of Credentials (Conversation Manager)
origination
Status Code Origination
OTHER_OBJ
ACL Entries and their Types
OTHER_OBJ Subalgorithm
OTHER_OBJ, algorithm
OTHER_OBJ Subalgorithm
OTHER_OBJ, at most one
Common ACLs
OTHER_OBJ, supported by common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
OTHER_OBJ_DEL
OTHER_OBJ_DEL Subalgorithm
OTHER_OBJ_DEL, algorithm
OTHER_OBJ_DEL Subalgorithm
OTHER_OBJ_DELEG
ACL Entries and their Types
out of band
DCE Security Model
out_data
Conversation Manager out_data
out_data, in CL security
Conversation Manager out_data
outline
Outline of the Remainder of this Chapter, and of this Specification
outline of specification
Outline of the Remainder of this Chapter, and of this Specification
outline, of Kerberos protocol
Kerberos Key Distribution (Authentication) Service (KDS)
output
Output
overlap, of security domains
Policy versus Service versus Mechanism
overview
Overview of Delegation Model
Extended Login and Password Management Overview
Replication Overview
owner, can control object's ACL
ACL Managers, Permissions, Access Determination Algorithms
owning group
ACL Entries and their Types
owning user
ACL Entries and their Types
p
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
P-name
Integration with Naming Services
PA header, received by server
Server Receives Privilege Authentication Header and Sends Privilege Reverse-Authentication Header
PA, client sends header
Client Sends Privilege Authentication Header
PAC
The Extended PAC (EPAC)
PAC Formats
Extended PAC (EPAC) Interface
Extended PAC Data
Extended PAC (EPAC)
PAC
privilege attribute certificate (PAC)
PAC attribute, in RS information
RS Information
PAC format, data type
PAC Formats
PAC, (Set of) Extended (EPACs)
Set of Extended PACs (EPACs)
PAC, contained in privilege ticket
Privilege (Authorisation) Service (PS)
PAC, data type
Privilege Attribute Certificates (PACs)
PAC, empty
Privilege-Tickets
PAC, Extended (EPAC)
Extended PAC (EPAC)
PAC, pickled
Pickled PACs
PAC-based
Name-based versus PAC-based Authorisation
PAC-Based Privilege Service (PS)
PAC-based authorisation
Name-based versus PAC-based Authorisation
PAC-based PS
PAC-Based Privilege Service (PS)
PACs
Privilege Attribute Certificates (PACs)
Pickled PACs
Set of Extended PACs (EPACs)
padata
Signature of padata Field
padding
Append Padding Bits
Append Padding Bits
padding bits
(IDL/NDR) Pickles
pair of UUIDs
Privilege (Authorisation) Service (PS)
parameters
Environmental Parameters and Registry Attributes
parent object,
Object Types, ACL Types, and ACL Inheritance
parity, odd in DES key
Basic DES
part
Part 1
Part 2
Part of Ticket to be Encrypted
Part of Reverse-authentication Header to be Encrypted
Part of KDS Response to be Encrypted
Part 3
Part 4
part of KDS response
Part of KDS Response to be Encrypted
part of message, notation
Kerberos Key Distribution (Authentication) Service (KDS)
part of RA header to be encrypted
Part of Reverse-authentication Header to be Encrypted
part of ticket to be encrypted
Part of Ticket to be Encrypted
partial block, encryption of
CBC Mode
partial qualification
Integration with Naming Services
partitioned RPC
Fundamental Concepts
partitioned, RPC service
PAC-Based Privilege Service (PS)
partitioning, of network TCB
DCE Security Model
passive aspect
Subjects and Objects, Privilege and Authorisation
passive bits of DES vector
Basic DES
passive bits, destroying
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
Password Strength
Password Management
passwd_override
passwd_override ERA
password
DCE Security Model
Extended Login and Password Management Overview
Password Management
Password Management
Password Expiration
weak password
Password Expiration
Password Expiration
Password Management
Password Management
Password Management,
Extended Login and Password Management Overview
Password Management, Overview
Password Management
password, and key search attack
Data Encryption Standard (DES)
password, basis of long-term key
Key Management Facility
password, change
sec_passwd_version_t
password, changing
Client Receives AS Response
password, data type
Passwords
sec_passwd_type_t
sec_passwd_rec_t
sec_rgy_unix_passwd_buf_t
password, expiration
sec_rgy_plcy_t
password, level of confidence in
Knowledge versus Belief; Trust
password, lifetime
sec_rgy_plcy_t
password, minimum length
sec_rgy_plcy_t
password, not to be sent remotely
sec_rgy_properties_flags_t
password, policy restriction
sec_rgy_plcy_pwd_flags_t
password, requested at login
Login Facility and Security Client Daemon (SCD)
password, valid
sec_rgy_acct_user_flags_t
password, version number
sec_passwd_version_t
password-changing program
Tickets, Keys, and Cross-Registration
Password-to-Key
Registered Password-to-Key Mappings
password-to-key mapping, registered
Registered Password-to-Key Mappings
password_generation
password_generation ERA
passwords
Passwords
passwords_per_cycle
passwords_per_cycle ERA
path
Registered Transit Path Types
transit path
path, transit
Kerberos Key Distribution (Authentication) Service (KDS)
paths
Transit Paths
PC1
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
PC1, PC2
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
PC2
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
PCS
Minimum Implementation Requirements
PCS, in printstring
Printstrings and Helpstrings
PDU
CL Integrity and Confidentiality (PDU Verifiers and Bodies)
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
PDU, verifier and body
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
pepper
Registered Password-to-Key Mappings
per-cell PGO UUID
ID Map Facility
per-end-principal, in RS information
RS Information
per-foreign-KDS, in RS information
RS Information
performance
Protected RPC
permission
ACL Managers, Permissions, Access Determination Algorithms
Additional Attribute Permission Bits
ACLE Permission Sets
permission set
ACLE Permission Sets
permission, and common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
permission, bit position
rdacl_get_printstring()
permission, common
Common Permissions
permission, display format
rdacl_get_printstring()
permission, exceeding maximum number
Multiple ACLs and ACL Managers
permission, in ACLE
ACL Entries and their Types
permission, list
Supported Permissions
permission, maximum number
ACL Entries and their Types
permission, semantics unspecified
Common Permissions
permissions
ACL Managers, Permissions, Access Determination Algorithms
Common Permissions
Supported Permissions
Permissions Required
permissions, not supported in name-based
Name-based versus PAC-based Authorisation
permutation
Initial Permutation (IP) and Final Permutation (FP)
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
permutation mapping
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
permuted
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
permuted choices
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
PGO
PGO Items; rs_pgo RPC Interface
sec_rgy_name_t-Short and Long PGO Names
Global PGO Names
PGO item, attribute (data type)
sec_rgy_pgo_flags_t
PGO item, data type
sec_rgy_pgo_item_t
PGO item, definitive identifier
sec_rgy_pgo_item_t
PGO name, mapping into components
ID Map Facility
PGO name, short and long
sec_rgy_name_t-Short and Long PGO Names
PGO UUID
ID Map Facility
PGO, global name
Global PGO Names
PGO, protected with ACLs
Integration with Naming Services
pgo-ID
ID Map Facility
PGO-name,
Integration with Naming Services
physical security
Untrusted Environments: A Priori Trust and Trust Chains
pickle
pickle
pickle,
(IDL/NDR) Pickles
pickle, data type
rs_encrypted_pickle_t
pickle, in extended ACLE
Extended ACLE Information
pickle, type (data type)
sec_bytes_t
pickled
Pickled PACs
pickled PAC
Pickled PACs
pickled PAC, in privilege-ticket
Privilege-Tickets
pickles
(IDL/NDR) Pickles
piggy-back
Kerberos Key Distribution (Authentication) Service (KDS)
pkl_length_hi
(IDL/NDR) Pickles
pkl_length_low
(IDL/NDR) Pickles
pkl_syntax
(IDL/NDR) Pickles
pkl_type
(IDL/NDR) Pickles
pkl_version
(IDL/NDR) Pickles
plaintext
Encoding/Decoding and Encryption/Decryption of Messages
plaintext, operated on by DES
Data Encryption Standard (DES)
plaintext, pre-encrypted
KDS Request Body
KDS (AS and TGS) Responses
pointer, opaque, login context as
Login Facility and Security Client Daemon (SCD)
pointer, to ACL
sec_acl_p_t
policies
Policy Item, Policies and Properties; rs_policy RPC Interface
policy
Policy versus Service versus Mechanism
Policy Item, Policies and Properties; rs_policy RPC Interface
Integration with Naming Services
policy
policy object
policy attribute
sec_rgy_properties_t
policy item
Registration Service (RS) and RS Editors
policy item,
Policy Item, Policies and Properties; rs_policy RPC Interface
policy,
Policy versus Service versus Mechanism
policy, ACL manager permission
RS Protected Objects and their ACL Manager Types
policy, ACL manager type
ACL Manager Types Supported by the RS
policy, ACL manager type UUID
RS Protected Objects and their ACL Manager Types
policy, authentication
sec_rgy_plcy_auth_t
policy, examples
Policy versus Service versus Mechanism
policy, in policy item
Policy Item, Policies and Properties; rs_policy RPC Interface
policy, in registry property
Policy Item, Policies and Properties; rs_policy RPC Interface
policy, of organisation
sec_rgy_plcy_t
policy, organisation
Registration Service (RS) and RS Editors
policy, protected with ACLs
Integration with Naming Services
policy, restriction on password
sec_rgy_plcy_pwd_flags_t
policy, supported ACLE types
RS Protected Objects and their ACL Manager Types
polymorphic, no registry item is
ACL Manager Types Supported by the RS
polymorphism
Identifying Protected Objects and ACLs
polynomial, definition of CRC
Cyclic Redundancy Checksums
poor cryptographic characteristic
Keys to be Avoided
port 88
Integration with RPC Services
The krb5rpc RPC Interface
portability, seat
Minimum Implementation Requirements
portable character set
Minimum Implementation Requirements
portable character set, in printstring
Printstrings and Helpstrings
posited trust
Knowledge versus Belief; Trust
position indicator
sec_rgy_cursor_t
POSIX, and MASK_OBJ
ACL Editors
POSIX, draft rule for common ACL
Common ACLs
POSIX, extent of semantics
sec_acl_posix_semantics_t
POSIX, group
ACL Entries and their Types
POSIX, home directory
sec_rgy_acct_user_t
POSIX, login shell
sec_rgy_acct_user_t
POSIX, owner
ACL Entries and their Types
possibly
Possibly Weak Keys
possibly-weak keys,
Possibly Weak Keys
postdatable, in AS response
KDS Server Receives AS Request and Sends AS Response
postdatable, in RS information
RS Information
postdatable, in TGS request
Client Sends TGS Request
postdatable, initialisation
Client Sends AS Request to KDS
postdatable, KDS request flag
KDS Request Flags
postdatable, ticket flag
Ticket Flags
power, of polynomial defining CRC
Cyclic Redundancy Checksums
Pre-Authentication
Pre-Authentication and Obtaining a TGT
Pre-Authentication
Pre-Authentication
Pre-Authentication and Obtaining a TGT
Third-Party Pre-Authentication Protocol
pre-authentication data
KDS (AS and TGS) Requests
Pre-Authentication, Overview
Pre-Authentication
Pre-authentication, protocol
Third-Party Pre-Authentication Protocol
pre-encrypted plaintext
KDS Request Body
KDS (AS and TGS) Responses
pre-installation
DCE Security Model
pre_auth_req
pre_auth_req ERA
preface
Preface
prefixed name type
Registered Syntaxes for Cell Names
primary group, in account item
Accounts; rs_acct RPC interface
principal
Principal Names
cell principal
principal domain
Registration Service (RS) and RS Editors
sec_rgy_domain_t
principal domain, and aliases
PGO Items; rs_pgo RPC Interface
principal name, data type
Principal Names
principal name, not a parameter in sec_acl
ACL Editors
principal stringname, conceptual part of login context
Login Facility and Security Client Daemon (SCD)
principal UUID,
Privilege (Authorisation) Service (PS)
principal, ACL manager permission
RS Protected Objects and their ACL Manager Types
principal, ACL manager type
ACL Manager Types Supported by the RS
principal, ACL manager type UUID
RS Protected Objects and their ACL Manager Types
principal, cell,
Kerberos Key Distribution (Authentication) Service (KDS)
principal, equal vs. distinct across cells
Cells-Cross-cell Authentication and Authorisation
principal, identity (data type)
sec_rgy_foreign_id_t
Principal, input to CADA
The Common Access Determination Algorithm for Delegation
principal, KDS server must be
Tickets, Keys, and Cross-Registration
principal, separate namespace
PGO Items; rs_pgo RPC Interface
principal, supported ACLE types
RS Protected Objects and their ACL Manager Types
principal-ID
ID Map Facility
principal-name
ID Map Facility
Integration with Naming Services
printable stringname (data type)
sec_rgy_pname_t
printstring
ACL Managers, Permissions, Access Determination Algorithms
printstring
printstring, and common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
printstring, common
Common Printstrings
printstring, data type
Printstrings and Helpstrings
printstring, permission
Supported Permissions
printstrings
Printstrings and Helpstrings
Common Printstrings
priori
Untrusted Environments: A Priori Trust and Trust Chains
a priori trusted entity
privacy
Security Attributes: Authenticity, Integrity, Confidentiality
privilege
Subjects and Objects, Privilege and Authorisation
Privilege (Authorisation) Service (PS)
Extended Privilege Attribute Facility
Privilege (Authorisation) Services
PAC-Based Privilege Service (PS)
Privilege Attribute Certificates (PACs)
Privilege Authentication Headers
Privilege Reverse-Authentication Headers
Privilege Attributes for the EPAC
Handle for Privilege Attribute Data
Privilege (Reverse-)Authentication Header Processing
Client Sends Privilege Authentication Header
Server Receives Privilege Authentication Header and Sends Privilege Reverse-Authentication Header
Client Receives Privilege Reverse-Authentication Header
privilege attribute
privilege attribute certificate (PAC)
privilege attribute
Privilege (Authorisation) Service (PS)
privilege attribute certificate (PAC),
DCE Security Model
privilege attribute certificate, data type
Privilege Attribute Certificates (PACs)
privilege authentication header, client sends
Client Sends Privilege Authentication Header
privilege authentication header, data type
Privilege Authentication Headers
privilege authentication/RA header
Privilege (Reverse-)Authentication Header Processing
privilege RA header, data type
Privilege Reverse-Authentication Headers
privilege service (PS),
Privilege (Authorisation) Service (PS)
privilege service,
Privilege (Authorisation) Services
privilege service, PAC-based
PAC-Based Privilege Service (PS)
privilege ticket
Privilege (Authorisation) Service (PS)
privilege ticket granting service
PTGS Service
privilege ticket, not used in name-based authorisation
Name-based versus PAC-based Authorisation
privilege ticket, use in PS
Privilege (Authorisation) Service (PS)
privilege, infinite
Subjects and Objects, Privilege and Authorisation
privilege, service
DCE Security Model
privilege-ticket,
DCE Security Model
Privilege-Tickets
privilege-ticket, data type
Privilege-Tickets
privilege-ticket-granting-ticket
Cross-cell Authorisation-Vetting the Privilege-ticket-granting-ticket
Privilege-Tickets
Privilege-Tickets
Privilege-Tickets
probability
Knowledge versus Belief; Trust
process, context at start-up
Login Facility and Security Client Daemon (SCD)
process, no correspondence with login context
Login Facility and Security Client Daemon (SCD)
processing
AS Request/Response Processing
(Reverse-)Authentication Header Processing
TGS Request/Response Processing
KDS Error Processing
PTGS Request/Response Processing
Privilege (Reverse-)Authentication Header Processing
TGS Request/Response Processing (By KDS)
PS Error Processing
processing, AS request/response
AS Request/Response Processing
processing, header/RA header
(Reverse-)Authentication Header Processing
processing, privilege authentication/RA header
Privilege (Reverse-)Authentication Header Processing
processing, TGS request/response
TGS Request/Response Processing (By KDS)
product
The Development of Product Standards
profile
Sample Cell Profile Entries
programming
Security Application Programming Interface
programming model
Protected RPC
prompt, login
Accounts; rs_acct RPC interface
propagation
DCE Security Replication and Propagation
Propagation Queue
proper use of resources
Security Attributes: Authenticity, Integrity, Confidentiality
properties
Policy Item, Policies and Properties; rs_policy RPC Interface
Composition Laws (Chaining Properties)
property, chaining
Composition Laws (Chaining Properties)
property, in policy item
Policy Item, Policies and Properties; rs_policy RPC Interface
property, of RS server (data type)
sec_rgy_properties_flags_t
protected
Protected RPC
Protected RPC
Identifying Protected Objects and ACLs
RS Protected Objects and their ACL Manager Types
protected communication, start of
Kerberos Key Distribution (Authentication) Service (KDS)
protected handle, obtain
ACL Editors
protected object
The rdacl RPC Interface
Identifying Protected Objects and ACLs
protected password
sec_rgy_properties_flags_t
protected password, data type
sec_rgy_unix_passwd_buf_t
protected RPC,
DCE Security Model
Protected RPC
Protected RPC
protecting security attribute
Security Attributes: Authenticity, Integrity, Confidentiality
protection ACL,
Object Types, ACL Types, and ACL Inheritance
protection of ticket
Kerberos Key Distribution (Authentication) Service (KDS)
protection, of AS response
Kerberos Key Distribution (Authentication) Service (KDS)
protection_level
Conversation Manager out_data
protocol
Key-based Security: Kerckhoffs' Doctrine
The Timestamps (AS + TGS) Protocol
The Third-Party (AS + TGS) Protocol
Third-Party Pre-Authentication Protocol
Protocol Version Numbers
Registered Protocol Version Numbers
Protocol Message Types
Registered Protocol Message Types
Security in the CL RPC Protocol
Security in the CO RPC Protocol
protocol data unit
DCE Security Model
protocol message type, data type
Protocol Message Types
protocol message type, registered
Registered Protocol Message Types
protocol tower
sec_acl_twr_ref_t
rs_replica_twr_vec_p_t
protocol version number, data type
Protocol Version Numbers
protocol version number, registered
Registered Protocol Version Numbers
protocol, Kerberos
Kerberos Key Distribution (Authentication) Service (KDS)
protocol, RPC (list)
Protected RPC
protocol, trusted
Untrusted Environments: A Priori Trust and Trust Chains
protocols
Security Services and Protocols
provability
Knowledge versus Belief; Trust
proxiable, in AS response
KDS Server Receives AS Request and Sends AS Response
proxiable, in RS information
RS Information
proxiable, in TGS request
Client Sends TGS Request
proxiable, initialisation
Client Sends AS Request to KDS
proxiable, KDS request flag
KDS Request Flags
proxiable, ticket flag
Ticket Flags
proximity and trust
Cells-Cross-cell Authentication and Authorisation
proxy, combined with forward
KDS (AS and TGS) Requests
PS
Privilege (Authorisation) Service (PS)
PAC-Based Privilege Service (PS)
PS Errors
PS Server Receives PTGS Request and Sends PTGS Response
PS Error Processing
PS error, no special data type
PS Errors
PS request
Privilege (Authorisation) Service (PS)
PS response
Privilege (Authorisation) Service (PS)
PS,
Privilege (Authorisation) Service (PS)
Privilege (Authorisation) Services
PS, as registry client
Registration Service (RS) and RS Editors
PS, at least one per cell
Cells-Cross-cell Authentication and Authorisation
PS, error processing
PS Error Processing
PS, no direct API
Privilege (Authorisation) Service (PS)
PS, not visited in name-based authorisation
Name-based versus PAC-based Authorisation
PS, use of protected RPC
Protected RPC
ps_app_tkt_result_t
ps_app_tkt_result_t
ps_attr_request_t
ps_attr_request_t
ps_attr_result_t
ps_attr_result_t
ps_message_t
ps_message_t
ps_request_become_delegate
ps_request_become_delegate
ps_request_become_delegate(), overview
Privilege (Authorisation) Service (PS)
ps_request_become_impersonator
ps_request_become_impersonator
ps_request_become_impersonator(), overview
Privilege (Authorisation) Service (PS)
ps_request_eptgt
ps_request_eptgt
ps_request_eptgt(), overview
Privilege (Authorisation) Service (PS)
ps_request_ptgt
ps_request_ptgt
ps_request_ptgt(), overview
Privilege (Authorisation) Service (PS)
pseudocode
Use of Pseudocode
PTGS
PTGS Service
PTGS Requests
PTGS Responses
PTGS Request/Response Processing
Client Sends PTGS Request
PS Server Receives PTGS Request and Sends PTGS Response
Client Receives PTGS Response
PTGS request, client sends
Client Sends PTGS Request
PTGS request, data type
PTGS Requests
PTGS request, lost information
PTGS Requests
PTGS request, PS server receives
PS Server Receives PTGS Request and Sends PTGS Response
PTGS response, client receives
Client Receives PTGS Response
PTGS response, data type
PTGS Responses
PTGS service
PTGS Service
PTGS, request/response processing
PTGS Request/Response Processing
PTGT
PTGT
public-key certificate
The use-session-key Option
publications
Open Group Publications
pwd_mgmt_binding
pwd_mgmt_binding ERA
pwd_val_type
pwd_val_type ERA
Q[]
Initialise State Buffer and Trigonometric Vector
quadratic vector Q[]
Initialise State Buffer and Trigonometric Vector
quadword,
Bits, Bytes, Words, and so on
qualification, partial
Integration with Naming Services
quality, of nonce generator
Nonces
quality, of random number generator
Random Numbers
query
Query Triggers
query key, data type
rs_pgo_query_key_t
query key, type
rs_pgo_query_t
Query Triggers
Query Triggers
query, result
rs_pgo_result_t
queue
Propagation Queue
quota
quota
quota,
sec_rgy_pgo_item_t
RA header processing
(Reverse-)Authentication Header Processing
RA header, client receives
Client Receives Privilege Reverse-Authentication Header
RA header, sent by server
Server Receives Privilege Authentication Header and Sends Privilege Reverse-Authentication Header
RA, header, client receives
Client Receives Reverse-Authentication Header
random
Random Numbers
random number, data type
Random Numbers
rationale, for extended ACLE
Extended ACLE Information
raw UDP
Integration with RPC Services
rdacl
ACL Editors
The rdacl RPC Interface
Common Data Types and Constants for rdacl Interface
Interface UUID and Version Number for rdacl Interface
rdacl,
The rdacl RPC Interface
rdacl, enumeration of functions
ACL Editors
rdacl_get_*(), basis of sec_acl_get_*()
ACL Editors
rdacl_get_access
rdacl_get_access()
rdacl_get_access(), overview
ACL Editors
rdacl_get_access()
rdacl_get_manager_types
rdacl_get_manager_types()
rdacl_get_manager_types(), overview
ACL Editors
rdacl_get_manager_types()
rdacl_get_mgr_types_semantics
rdacl_get_mgr_types_semantics()
rdacl_get_mgr_types_semantics(), overview
ACL Editors
rdacl_get_mgr_types_semantics()
rdacl_get_printstring
rdacl_get_printstring()
rdacl_get_printstring(), overview
ACL Editors
rdacl_get_printstring()
rdacl_get_referral
rdacl_get_referral()
rdacl_get_referral(), overview
ACL Editors
rdacl_get_referral()
rdacl_lookup
rdacl_lookup()
rdacl_lookup(), and EXTENDED ACLE type
ACL Entries and their Types
rdacl_lookup(), overview
ACL Editors
rdacl_lookup()
rdacl_place_holder_1
rdacl_place_holder_1()
rdacl_place_holder_1(), overview
rdacl_place_holder_1()
rdacl_replace
rdacl_replace()
rdacl_replace(), may modify RS data
sec_rgy_properties_flags_t
rdacl_replace(), overview
ACL Editors
rdacl_replace()
rdacl_replace(), replacing old ACL
ACL Editors
rdacl_test_access
rdacl_test_access()
rdacl_test_access(), overview
ACL Editors
rdacl_test_access()
rdacl_test_access_on_behalf(), overview
ACL Editors
read permission
ACL Managers, Permissions, Access Determination Algorithms
Supported Permissions
read, protection against
Security Attributes: Authenticity, Integrity, Confidentiality
read-only, RS site
sec_rgy_properties_flags_t
readable server
RS Binding; rs_bind Interface and sec_rgy_bind API
realm
realm
realm name,
Cell Names
realm,
Policy versus Service versus Mechanism
Cells-Cross-cell Authentication and Authorisation
realm, usage in RFC 1510
Key Distribution (Authentication) Services
receives
KDS Server Receives AS Request and Sends AS Response
Client Receives AS Response
Server Receives Authentication Header and Sends Reverse-Authentication Header
Client Receives Reverse-Authentication Header
KDS Server Receives TGS Request and Sends TGS Response
Client Receives TGS Response
PS Server Receives PTGS Request and Sends PTGS Response
Client Receives PTGS Response
Server Receives Privilege Authentication Header and Sends Privilege Reverse-Authentication Header
Client Receives Privilege Reverse-Authentication Header
receiving
Transmitting and Receiving EPACs
reduction
First Step: Reduction
redundancy
Cyclic Redundancy Checksums
redundant UUIDs
Privilege (Authorisation) Service (PS)
reference
reference monitor
reference monitor
Untrusted Environments: A Priori Trust and Trust Chains
reference monitor, RS
ACL Manager Types Supported by the RS
referenced
Referenced Documents
referent, of ACLE
ACL Entries and their Types
referent, of UUID
Privilege (Authorisation) Service (PS)
referral ticket
The Complete Cross-cell Scenario
regarding
Implementation Variability Regarding Required Rights
registered
Registered CRCs
Registered Protocol Version Numbers
Registered Protocol Message Types
Registered Syntaxes for Cell Names
Registered Transit Path Types
Registered RS Name Types
Registered Host Address Types
Registered Last Request Types
Registered Error Status Codes/Text/Data
Registered Encryption Key Types
Registered Checksum Types
Registered Encryption Types
Registered Password-to-Key Mappings
Registered Authentication Data Types
Registered Authorisation Data Types
Registered Authentication Services
Registered Authorisation Services
registered authentication data type
Registered Authentication Data Types
registered authentication service
Registered Authentication Services
registered authorisation data type
Registered Authorisation Data Types
registered authorisation service
Registered Authorisation Services
registered cell name syntax
Registered Syntaxes for Cell Names
registered checksum type
Registered Checksum Types
registered CRC
Registered CRCs
registered encryption key type
Registered Encryption Key Types
registered encryption type
Registered Encryption Types
registered error status code
Registered Error Status Codes/Text/Data
registered host address type
Registered Host Address Types
registered last request
Registered Last Request Types
registered password-to-key mapping
Registered Password-to-Key Mappings
registered protocol message type
Registered Protocol Message Types
registered protocol version number
Registered Protocol Version Numbers
registered RS name
Registered RS Name Types
registered transit path type
Registered Transit Path Types
registration
Registration Service (RS) and RS Editors
Name Service Registration
registration service,
Registration Service (RS) and RS Editors
registration, cross-
Cells-Cross-cell Authentication and Authorisation
registration, cross-cell
Tickets, Keys, and Cross-Registration
registration, of RS
Integration with Naming Services
registry
Extended Registry Attribute Facility
Environmental Parameters and Registry Attributes
Registry Database Encryption
Registry API
registry object
Registry Attributes
Environmental Parameters and Registry Attributes
registry editor
Registration Service (RS) and RS Editors
registry information
RS Information
registry name, data type
RS Names
registry policy, conceptual part of login context
Login Facility and Security Client Daemon (SCD)
registry property
Policy Item, Policies and Properties; rs_policy RPC Interface
registry,
DCE Security Model
Registration Service (RS) and RS Editors
registry, ACL manager types supported
ACL Manager Types Supported by the RS
registry, editor
DCE Security Model
rejection, of PAC without authentication
Privilege (Authorisation) Service (PS)
relative infallibility
Further Discussion of Certification
relatively well-formed ACL,
ACL Managers, Permissions, Access Determination Algorithms
reliability
Security Attributes: Authenticity, Integrity, Confidentiality
remainder
Outline of the Remainder of this Chapter, and of this Specification
remote
Remote Interfaces
Remote Interfaces, Delegation
Remote Interfaces
renew, in TGS request
Client Sends TGS Request
renewable lifetime
sec_rgy_plcy_auth_t
renewable, in AS response
KDS Server Receives AS Request and Sends AS Response
renewable, in RS information
RS Information
renewable, in TGS request
Client Sends TGS Request
renewable, initialisation
Client Sends AS Request to KDS
renewable, KDS request flag
KDS Request Flags
replay
replay attack
replay attack
Integration with Time Services
replay attack, detecting via nonce
Client Receives AS Response
replay cache, in RS information
RS Information
replay cache, server checks timestamp against
Server Receives Authentication Header and Sends Reverse-Authentication Header
replica
The Master Replica
Replica List
Replica List Entries
Replica Information
Replica State
Slave Replica
Creating a Replica
Delete A Replica
Replica States
replica overview
Replication Overview
replica state, data type
Replica States
replica, synonymous with server
RS Binding; rs_bind Interface and sec_rgy_bind API
replicas
Authentication between Replicas
replication
DCE Security Replication and Propagation
Replication Overview
replication model, protocol is future work
RS Binding; rs_bind Interface and sec_rgy_bind API
replication, of network TCB
DCE Security Model
replication, of RS service
RS Binding; rs_bind Interface and sec_rgy_bind API
replist, ACL manager permission
RS Protected Objects and their ACL Manager Types
replist, ACL manager type UUID
RS Protected Objects and their ACL Manager Types
replist, supported ACLE types
RS Protected Objects and their ACL Manager Types
representations
Integer Representations (Endianness)
repudiation
Security Attributes: Authenticity, Integrity, Confidentiality
request
Registered Last Request Types
KDS Request Body
KDS Request Flags
Client Sends AS Request to KDS
KDS Server Receives AS Request and Sends AS Response
Client Sends TGS Request
KDS Server Receives TGS Request and Sends TGS Response
Client Sends PTGS Request
PS Server Receives PTGS Request and Sends PTGS Response
request processing, TGS
TGS Request/Response Processing
request, AS
Kerberos Key Distribution (Authentication) Service (KDS)
request, AS, receipt of
KDS Server Receives AS Request and Sends AS Response
request, KDS
KDS (AS and TGS) Requests
request, processing by AS
AS Request/Response Processing
request, PTGS (data type)
PTGS Requests
request, PTGS processing
PTGS Request/Response Processing
request, PTGS, received
PS Server Receives PTGS Request and Sends PTGS Response
request, service
Kerberos Key Distribution (Authentication) Service (KDS)
request, TGS
Kerberos Key Distribution (Authentication) Service (KDS)
request, TGS, receipt of
KDS Server Receives TGS Request and Sends TGS Response
Request/Response
AS Request/Response Processing
TGS Request/Response Processing
PTGS Request/Response Processing
TGS Request/Response Processing (By KDS)
requestor
direct requestor
requests
Last Requests
KDS (AS and TGS) Requests
PTGS Requests
required
Optional and Required Restrictions
Implementation Variability Regarding Required Rights
Permissions Required
required item
sec_rgy_pgo_flags_t
requirements
Minimum Implementation Requirements
reserved name
PGO Items; rs_pgo RPC Interface
resolution-with-residual support
ACL Editors
resource, proper/improper use
Security Attributes: Authenticity, Integrity, Confidentiality
response
Part of KDS Response to be Encrypted
KDS Server Receives AS Request and Sends AS Response
Client Receives AS Response
KDS Server Receives TGS Request and Sends TGS Response
Client Receives TGS Response
PS Server Receives PTGS Request and Sends PTGS Response
Client Receives PTGS Response
response processing, TGS
TGS Request/Response Processing
response, AS
Kerberos Key Distribution (Authentication) Service (KDS)
response, AS, received by client
Client Receives AS Response
response, AS, sending of
KDS Server Receives AS Request and Sends AS Response
response, processing by AS
AS Request/Response Processing
response, PTGS (data type)
PTGS Responses
response, PTGS processing
PTGS Request/Response Processing
response, PTGS,
PS Server Receives PTGS Request and Sends PTGS Response
response, PTGS, received
Client Receives PTGS Response
response, service
Kerberos Key Distribution (Authentication) Service (KDS)
response, TGS
Kerberos Key Distribution (Authentication) Service (KDS)
response, TGS, construction of
KDS Server Receives TGS Request and Sends TGS Response
response, TGS, receiving
Client Receives TGS Response
response, TGS, sending
KDS Server Receives TGS Request and Sends TGS Response
responses
KDS (AS and TGS) Responses
PTGS Responses
responsibility, of server
DCE Security Model
restriction
Optional and Required Restrictions
Entry Types for Delegate and Target Restrictions
Delegate and Target Restriction Types
Set of Delegation and Target Restrictions
target restrictions
restrictions, data type
Optional and Required Restrictions
Entry Types for Delegate and Target Restrictions
Delegate and Target Restriction Types
Set of Delegation and Target Restrictions
Restrictions, Delegate
Delegation Controls
Restrictions, Optional
Delegation Controls
Restrictions, Required
Delegation Controls
Restrictions, Target
Delegation Controls
reverse authentication, client receives header
Client Receives Reverse-Authentication Header
reverse authentication, header (data type)
Reverse-Authentication Headers
reverse authentication, header omitted
(Reverse-)Authentication Header Processing
reverse authentication, header processing
(Reverse-)Authentication Header Processing
reverse authentication, server sends header
Server Receives Authentication Header and Sends Reverse-Authentication Header
reverse authenticator
Privilege (Authorisation) Service (PS)
REVERSE transformation
Registered Password-to-Key Mappings
(Reverse-)Authentication
(Reverse-)Authentication Header Processing
Privilege (Reverse-)Authentication Header Processing
Reverse-Authentication
Reverse-Authentication Headers
Part of Reverse-authentication Header to be Encrypted
Server Receives Authentication Header and Sends Reverse-Authentication Header
Client Receives Reverse-Authentication Header
Privilege Reverse-Authentication Headers
Server Receives Privilege Authentication Header and Sends Privilege Reverse-Authentication Header
Client Receives Privilege Reverse-Authentication Header
revocation, in RS information
RS Information
revoke, implicit when key is deleted
Key Management Facility
revoke, ticket
Key Management Facility
RFC 1320
MD4
RFC 1321
MD5
RFC 1510
Key Distribution (Authentication) Services
The krb5rpc RPC Interface
Principal Names
Host Addresses
Part of Ticket to be Encrypted
RFC 1510, expire time
KDS Request Body
RFC 1510, in CL security
Conversation Manager out_data
rights
Implementation Variability Regarding Required Rights
rights, implementation variability
Implementation Variability Regarding Required Rights
rigour
Generalities on Security-The Architecture of Trust
ritual, login
Accounts; rs_acct RPC interface
root, global
Registered Transit Path Types
rotation
Bitwise Operations and Rotations
rotation,
Bitwise Operations and Rotations
rotations
Bitwise Operations and Rotations
rounds
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
routines
Miscellaneous Routines Needed for DCE Security
RPC
Protected RPC
Policy Item, Policies and Properties; rs_policy RPC Interface
PGO Items; rs_pgo RPC Interface
Accounts; rs_acct RPC interface
Miscellaneous; rs_misc RPC Interface
Integration with RPC Services
RPC Binding Models
RPC Authorisation Extension
The krb5rpc RPC Interface
The rpriv RPC Interface
Protected RPC
Security in the CL RPC Protocol
Security in the CO RPC Protocol
ACL Editor RPC Interface
The rdacl RPC Interface
RS Editor RPC Interfaces
The rs_bind RPC Interface
The rs_policy RPC Interface
The rs_pgo RPC Interface
The rs_acct RPC Interface
The rs_misc RPC Interface
The rs_attr RPC Interface
The rs_attr_schema RPC Interface
The rs_prop_acct RPC Interface
The rs_prop_acl RPC Interface
The rs_prop_attr RPC Interface
The rs_prop_attr_schema RPC Interface
The rs_prop_pgo RPC Interface
The rs_prop_plcy RPC Interface
The rs_prop_replist RPC Interface
The rs_pwd_mgmt RPC Interface
The rs_qry RPC Interface
The rs_repadm RPC Interface
The rs_replist RPC Interface
The rs_repmgr RPC Interface
The rs_rpladmn RPC Interface
The rs_unix RPC Interface
The rs_update RPC Interface
ID Map Facility RPC Interface
The secidmap RPC Interface
Key Management Facility RPC Interface
The Key Management RPC Interface
Login Facility and Security Client Daemon (SCD) RPC Interface
The scd RPC Interface
RPC binding handle
Identifying Protected Objects and ACLs
RPC interface
The krb5rpc RPC Interface
RPC PDU
What is Specified in this Chapter
RPC server
DCE Security Model
Fundamental Concepts
RPC, binding model
RPC Binding Models
RPC, integration with security
Integration with RPC Services
RPC, profile node
Binding to TCB Servers
RPC, protected,
Protected RPC
Protected RPC
RPC, transfer syntax, in pickle
(IDL/NDR) Pickles
RPC, used by all security servers
DCE Security Model
rpc_binding_set_auth_info(), in login facility
Login Facility and Security Client Daemon (SCD)
rpc_binding_inq_auth_caller(), overview
Integration with RPC Services
rpc_binding_inq_auth_client(), overview
Integration with RPC Services
rpc_binding_inq_auth_info(), overview
Integration with RPC Services
rpc_binding_set_auth_info()
Login Facility and Security Client Daemon (SCD)
scd_protected_noop()
rpc_binding_set_auth_info(), overview
Integration with RPC Services
rpc_c_authz_name
Name-based versus PAC-based Authorisation
rpc_c_protect_level constants
Protected RPC
rpc_mgmt_inq_server_princ_name(), overview
Integration with RPC Services
rpc_mgmt_set_authorization_fcn(), overview
Integration with RPC Services
rpc_ns_binding_import_*(), binding to security
Binding to TCB Servers
rpc_ns_entry_inq_resolution(), with residual operation
ACL Editors
rpc_server_register_auth_info(), overview
Integration with RPC Services
rpc_syntax_id_t,
(IDL/NDR) Pickles
rpriv
The rpriv RPC Interface
rpriv identity, element of cell-profile node
Binding to TCB Servers
rpriv, metadata explicit in
Integration with RPC Services
RS
Registration Service (RS) and RS Editors
ACL Manager Types Supported by the RS
RS Binding; rs_bind Interface and sec_rgy_bind API
RS Names
Registered RS Name Types
RS Information
RS Information
RS Editor RPC Interfaces
RS Protected Objects and their ACL Manager Types
Common Data Types and Constants for RS Editors
RS binding
RS Binding; rs_bind Interface and sec_rgy_bind API
RS datastore, data type
sec_rgy_pgo_item_t
RS datastore, lookup by local ID
rs_pgo_unix_num_key_t
RS datastore, lookup by UUID
rs_pgo_id_key_t
RS datastore, management of keys in
Key Management Facility
RS datastore, query (lookup) key
rs_pgo_query_key_t
RS datastore, quota
sec_rgy_pgo_item_t
RS datastore, user-level information
sec_rgy_acct_user_t
RS editor
Registration Service (RS) and RS Editors
RS editor RPC interface, future work
Registration Service (RS) and RS Editors
RS information
RS Information
RS name, data type
RS Names
RS name, registered
Registered RS Name Types
RS namespace, data type
sec_rgy_member_t
RS server, properties (data type)
sec_rgy_properties_flags_t
RS,
Registration Service (RS) and RS Editors
RS, ACL manager types supported
ACL Manager Types Supported by the RS
RS, as reference monitor
ACL Manager Types Supported by the RS
RS, at least one per cell
Cells-Cross-cell Authentication and Authorisation
RS, information (data type)
RS Information
RS, must be registered
Integration with Naming Services
RS, policy attribute
sec_rgy_properties_t
rs_acct
Registration Service (RS) and RS Editors
Accounts; rs_acct RPC interface
The rs_acct RPC Interface
Common Data Types and Constants for rs_acct
Interface UUID and Version Number for rs_acct
rs_acct RPC interface
The rs_acct RPC Interface
rs_acct_add
rs_acct_add()
rs_acct_add(), limited by quota
sec_rgy_pgo_item_t
rs_acct_add(), may modify RS data
sec_rgy_properties_flags_t
rs_acct_add(), overview
Accounts; rs_acct RPC interface
rs_acct_add()
rs_acct_add(), use of rs_acct_key_transmit_t
rs_acct_key_transmit_t
rs_acct_delete
rs_acct_delete()
rs_acct_delete(), may modify RS data
sec_rgy_properties_flags_t
rs_acct_delete(), overview
Accounts; rs_acct RPC interface
rs_acct_delete()
rs_acct_get_projlist
rs_acct_get_projlist()
rs_acct_get_projlist(), overview
Accounts; rs_acct RPC interface
rs_acct_get_projlist()
rs_acct_get_projlist(), part of rs_login_get_info()
rs_login_get_info()
rs_acct_info_t
rs_acct_info_t
rs_acct_key_transmit_t
rs_acct_key_transmit_t
rs_acct_key_transmit_t, data type
rs_acct_key_transmit_t
rs_acct_lookup
rs_acct_lookup()
rs_acct_lookup(), honours sec_rgy_prop_shadow_password
sec_rgy_properties_flags_t
rs_acct_lookup(), overview
Accounts; rs_acct RPC interface
rs_acct_lookup()
rs_acct_lookup(), part of rs_login_get_info()
rs_login_get_info()
rs_acct_parts_t
rs_acct_parts_t
rs_acct_parts_t, data type
rs_acct_parts_t
rs_acct_rename
rs_acct_rename()
rs_acct_rename(), may modify RS data
sec_rgy_properties_flags_t
rs_acct_rename(), overview
Accounts; rs_acct RPC interface
rs_acct_rename()
rs_acct_replace
rs_acct_replace()
rs_acct_replace(), may modify RS data
sec_rgy_properties_flags_t
rs_acct_replace(), overview
Accounts; rs_acct RPC interface
rs_acct_replace()
rs_acct_replace(), use of rs_acct_key_transmit_t
rs_acct_key_transmit_t
rs_attr
The rs_attr RPC Interface
Common Data Types and Constants for rs_attr
Interface UUID for rs_attr
rs_attr RPC interface
The rs_attr RPC Interface
rs_attr_cursor_init
rs_attr_cursor_init()
rs_attr_cursor_init(), overview
rs_attr_cursor_init()
rs_attr_cursor_t
rs_attr_cursor_t
rs_attr_cursor_t, data type
rs_attr_cursor_t
rs_attr_delete
rs_attr_delete()
rs_attr_delete(), overview
rs_attr_delete()
rs_attr_get_effective
rs_attr_get_effective()
rs_attr_get_effective(), overview
rs_attr_get_effective()
rs_attr_get_referral
rs_attr_get_referral()
rs_attr_get_referral(), overview
rs_attr_get_referral()
rs_attr_lookup_by_id
rs_attr_lookup_by_id()
rs_attr_lookup_by_id(), overview
rs_attr_lookup_by_id()
rs_attr_lookup_by_name
rs_attr_lookup_by_name()
rs_attr_lookup_by_name(), overview
rs_attr_lookup_by_name()
rs_attr_lookup_no_expand
rs_attr_lookup_no_expand()
rs_attr_lookup_no_expand(), overview
rs_attr_lookup_no_expand()
rs_attr_schema
The rs_attr_schema RPC Interface
Common Data Types and Constants for rs_attr_schema
Interface UUID for rs_attr_schema
rs_attr_schema RPC interface
The rs_attr_schema RPC Interface
rs_attr_schema_aclmgr_strings
rs_attr_schema_aclmgr_strings()
rs_attr_schema_aclmgr_strings(), overview
rs_attr_schema_aclmgr_strings()
rs_attr_schema_create_entry
rs_attr_schema_create_entry()
rs_attr_schema_create_entry(), overview
rs_attr_schema_create_entry()
rs_attr_schema_cursor_init
rs_attr_schema_cursor_init()
rs_attr_schema_cursor_init(), overview
rs_attr_schema_cursor_init()
rs_attr_schema_delete_entry
rs_attr_schema_delete_entry()
rs_attr_schema_delete_entry(), overview
rs_attr_schema_delete_entry()
rs_attr_schema_get_acl_mgrs
rs_attr_schema_get_acl_mgrs()
rs_attr_schema_get_acl_mgrs(), overview
rs_attr_schema_get_acl_mgrs()
rs_attr_schema_get_referral
rs_attr_schema_get_referral()
rs_attr_schema_get_referral(), overview
rs_attr_schema_get_referral()
rs_attr_schema_lookup_by_id
rs_attr_schema_lookup_by_id()
rs_attr_schema_lookup_by_id(), overview
rs_attr_schema_lookup_by_id()
rs_attr_schema_lookup_by_name
rs_attr_schema_lookup_by_name()
rs_attr_schema_lookup_by_name(), overview
rs_attr_schema_lookup_by_name()
rs_attr_schema_scan
rs_attr_schema_scan()
rs_attr_schema_scan(), overview
rs_attr_schema_scan()
rs_attr_schema_update_entry
rs_attr_schema_update_entry()
rs_attr_schema_update_entry(), overview
rs_attr_schema_update_entry()
rs_attr_test_and_update
rs_attr_test_and_update()
rs_attr_test_and_update(), overview
rs_attr_test_and_update()
rs_attr_update
rs_attr_update()
rs_attr_update(), overview
rs_attr_update()
rs_auth_policy_get_effective
rs_auth_policy_get_effective()
rs_auth_policy_get_effective(), overview
Policy Item, Policies and Properties; rs_policy RPC Interface
rs_auth_policy_get_effective()
rs_auth_policy_get_info
rs_auth_policy_get_info()
rs_auth_policy_get_info(), overview
Policy Item, Policies and Properties; rs_policy RPC Interface
rs_auth_policy_get_info()
rs_auth_policy_set_info
rs_auth_policy_set_info()
rs_auth_policy_set_info(), may modify RS data
sec_rgy_properties_flags_t
rs_auth_policy_set_info(), overview
Policy Item, Policies and Properties; rs_policy RPC Interface
rs_auth_policy_set_info()
rs_bind
RS Binding; rs_bind Interface and sec_rgy_bind API
The rs_bind RPC Interface
Common Data Types and Constants for rs_bind
Interface UUID and Version Number for rs_bind
rs_bind identity, element of cell-profile node
Binding to TCB Servers
rs_bind interface
RS Binding; rs_bind Interface and sec_rgy_bind API
rs_bind RPC interface
The rs_bind RPC Interface
rs_bind_get_update_site
rs_bind_get_update_site()
rs_bind_get_update_site(), overview
RS Binding; rs_bind Interface and sec_rgy_bind API
rs_bind_get_update_site()
rs_cache_data_t
rs_cache_data_t
rs_cache_data_t, data type
rs_cache_data_t
rs_check_consistency
rs_check_consistency()
rs_check_consistency(), overview
rs_check_consistency()
rs_encrypted_pickle_t
rs_encrypted_pickle_t
rs_encrypted_pickle_t, data type
rs_encrypted_pickle_t
rs_login_get_info
rs_login_get_info()
rs_login_get_info(), honours sec_rgy_prop_shadow_password
sec_rgy_properties_flags_t
rs_login_get_info(), overview
Miscellaneous; rs_misc RPC Interface
rs_login_get_info()
rs_login_info_t
rs_login_info_t
rs_login_info_t, data type
rs_login_info_t
rs_misc
Miscellaneous; rs_misc RPC Interface
The rs_misc RPC Interface
Common Data Types and Constants for rs_misc
Interface UUID and Version Number for rs_misc
rs_misc interface
Miscellaneous; rs_misc RPC Interface
rs_misc RPC interface
The rs_misc RPC Interface
rs_ns_entry_validate
rs_ns_entry_validate
rs_pgo
Registration Service (RS) and RS Editors
PGO Items; rs_pgo RPC Interface
The rs_pgo RPC Interface
Common Data Types and Constants for rs_pgo
Interface UUID and Version Number for rs_pgo
rs_pgo RPC interface
The rs_pgo RPC Interface
rs_pgo_add
rs_pgo_add()
rs_pgo_add(), limited by quota
sec_rgy_pgo_item_t
rs_pgo_add(), may modify RS data
sec_rgy_properties_flags_t
rs_pgo_add(), overview
PGO Items; rs_pgo RPC Interface
rs_pgo_add()
rs_pgo_add_member
rs_pgo_add_member()
rs_pgo_add_member(), may modify RS data
sec_rgy_properties_flags_t
rs_pgo_add_member(), overview
PGO Items; rs_pgo RPC Interface
rs_pgo_add_member()
rs_pgo_delete
rs_pgo_delete()
rs_pgo_delete(), may modify RS data
sec_rgy_properties_flags_t
rs_pgo_delete(), overview
PGO Items; rs_pgo RPC Interface
rs_pgo_delete()
rs_pgo_delete_member
rs_pgo_delete_member()
rs_pgo_delete_member(), may modify RS data
sec_rgy_properties_flags_t
rs_pgo_delete_member(), overview
PGO Items; rs_pgo RPC Interface
rs_pgo_delete_member()
rs_pgo_get
rs_pgo_get()
rs_pgo_get(), overview
PGO Items; rs_pgo RPC Interface
rs_pgo_get()
rs_pgo_get_members
rs_pgo_get_members()
rs_pgo_get_members(), overview
PGO Items; rs_pgo RPC Interface
rs_pgo_get_members()
rs_pgo_id_key_t
rs_pgo_id_key_t
rs_pgo_id_key_t, data type
rs_pgo_id_key_t
rs_pgo_is_member
rs_pgo_is_member()
rs_pgo_is_member(), overview
PGO Items; rs_pgo RPC Interface
rs_pgo_is_member()
rs_pgo_key_transfer
rs_pgo_key_transfer()
rs_pgo_key_transfer(), overview
PGO Items; rs_pgo RPC Interface
rs_pgo_key_transfer()
rs_pgo_query_key_t
rs_pgo_query_key_t
rs_pgo_query_key_t, data type
rs_pgo_query_key_t
rs_pgo_query_result_t
rs_pgo_query_result_t
rs_pgo_query_result_t, data type
rs_pgo_query_result_t
rs_pgo_query_t
rs_pgo_query_t
rs_pgo_query_t, data type
rs_pgo_query_t
rs_pgo_rename
rs_pgo_rename()
rs_pgo_rename(), may modify RS data
sec_rgy_properties_flags_t
rs_pgo_rename(), overview
PGO Items; rs_pgo RPC Interface
rs_pgo_rename()
rs_pgo_replace
rs_pgo_replace()
rs_pgo_replace(), may modify RS data
sec_rgy_properties_flags_t
rs_pgo_replace(), overview
PGO Items; rs_pgo RPC Interface
rs_pgo_replace()
rs_pgo_result_t
rs_pgo_result_t
rs_pgo_result_t, data type
rs_pgo_result_t
rs_pgo_unix_num_key_t
rs_pgo_unix_num_key_t
rs_pgo_unix_num_key_t, data type
rs_pgo_unix_num_key_t
rs_policy
Registration Service (RS) and RS Editors
Policy Item, Policies and Properties; rs_policy RPC Interface
The rs_policy RPC Interface
Common Data Types and Constants for rs_policy
Interface UUID and Version Number for rs_policy
rs_policy RPC interface
The rs_policy RPC Interface
rs_policy_get_effective
rs_policy_get_effective()
rs_policy_get_effective(), overview
Policy Item, Policies and Properties; rs_policy RPC Interface
rs_policy_get_effective()
rs_policy_get_info
rs_policy_get_info()
rs_policy_get_info(), overview
Policy Item, Policies and Properties; rs_policy RPC Interface
rs_policy_get_info()
rs_policy_get_info(), part of rs_login_get_info()
rs_login_get_info()
rs_policy_set_info
rs_policy_set_info()
rs_policy_set_info(), may modify RS data
sec_rgy_properties_flags_t
rs_policy_set_info(), overview
Policy Item, Policies and Properties; rs_policy RPC Interface
rs_policy_set_info()
rs_prop_acct
The rs_prop_acct RPC Interface
Common Data Types and Constants for rs_prop_acct
Interface UUID and Version Number for rs_prop_acct
rs_prop_acct RPC interface
The rs_prop_acct RPC Interface
rs_prop_acct_add
rs_prop_acct_add()
rs_prop_acct_add(), overview
rs_prop_acct_add()
rs_prop_acct_add_data_t
rs_prop_acct_add_data_t
rs_prop_acct_add_data_t, data type
rs_prop_acct_add_data_t
rs_prop_acct_add_key_version
rs_prop_acct_add_key_version()
rs_prop_acct_add_key_version(), overview
rs_prop_acct_add_key_version()
rs_prop_acct_delete
rs_prop_acct_delete()
rs_prop_acct_delete(), overview
rs_prop_acct_delete()
rs_prop_acct_key_data_t
rs_prop_acct_key_data_t
rs_prop_acct_key_data_t, data type
rs_prop_acct_key_data_t
rs_prop_acct_rename
rs_prop_acct_rename()
rs_prop_acct_rename(), overview
rs_prop_acct_rename()
rs_prop_acct_replace
rs_prop_acct_replace()
rs_prop_acct_replace(), overview
rs_prop_acct_replace()
rs_prop_acl
The rs_prop_acl RPC Interface
Common Data Types and Constants for rs_prop_acl
Interface UUID and Version Number for rs_prop_acl
rs_prop_acl RPC interface
The rs_prop_acl RPC Interface
rs_prop_acl_data_t
rs_prop_acl_data_t
rs_prop_acl_data_t, data type
rs_prop_acl_data_t
rs_prop_acl_replace
rs_prop_acl_replace()
rs_prop_acl_replace(), overview
rs_prop_acl_replace()
rs_prop_attr
The rs_prop_attr RPC Interface
Common Data Types and Constants for rs_prop_attr
Interface UUID and Version Number for rs_prop_attr
rs_prop_attr RPC interface
The rs_prop_attr RPC Interface
rs_prop_attr_data_t
rs_prop_attr_data_t
rs_prop_attr_data_t, data type
rs_prop_attr_data_t
rs_prop_attr_delete
rs_prop_attr_delete()
rs_prop_attr_delete(), overview
rs_prop_attr_delete()
rs_prop_attr_list_t
rs_prop_attr_list_t
rs_prop_attr_list_t, data type
rs_prop_attr_list_t
rs_prop_attr_sch_create_data_t
rs_prop_attr_sch_create_data_t
rs_prop_attr_sch_create_data_t, data type
rs_prop_attr_sch_create_data_t
rs_prop_attr_schema
The rs_prop_attr_schema RPC Interface
Common Data Types and Constants for rs_prop_attr_schema
Interface UUID and Version Number for rs_prop_attr_schema
rs_prop_attr_schema RPC interface
The rs_prop_attr_schema RPC Interface
rs_prop_attr_schema_create
rs_prop_attr_schema_create()
rs_prop_attr_schema_create(), overview
rs_prop_attr_schema_create()
rs_prop_attr_schema_delete
rs_prop_attr_schema_delete()
rs_prop_attr_schema_delete(), overview
rs_prop_attr_schema_delete()
rs_prop_attr_schema_update
rs_prop_attr_schema_update()
rs_prop_attr_schema_update(), overview
rs_prop_attr_schema_update()
rs_prop_attr_update
rs_prop_attr_update()
rs_prop_attr_update(), overview
rs_prop_attr_update()
rs_prop_auth_plcy_set_info
rs_prop_auth_plcy_set_info()
rs_prop_auth_plcy_set_info(), overview
rs_prop_auth_plcy_set_info()
rs_prop_pgo
The rs_prop_pgo RPC Interface
Common Data Types and Constants for rs_prop_pgo
Interface UUID and Version Number for rs_prop_pgo
rs_prop_pgo RPC interface
The rs_prop_pgo RPC Interface
rs_prop_pgo_add
rs_prop_pgo_add()
rs_prop_pgo_add(), overview
rs_prop_pgo_add()
rs_prop_pgo_add_data_t
rs_prop_pgo_add_data_t
rs_prop_pgo_add_data_t, data type
rs_prop_pgo_add_data_t
rs_prop_pgo_add_member
rs_prop_pgo_add_member()
rs_prop_pgo_add_member(), overview
rs_prop_pgo_add_member()
rs_prop_pgo_delete
rs_prop_pgo_delete()
rs_prop_pgo_delete(), overview
rs_prop_pgo_delete()
rs_prop_pgo_delete_member
rs_prop_pgo_delete_member()
rs_prop_pgo_delete_member(), overview
rs_prop_pgo_delete_member()
rs_prop_pgo_rename
rs_prop_pgo_rename()
rs_prop_pgo_rename(), overview
rs_prop_pgo_rename()
rs_prop_pgo_replace
rs_prop_pgo_replace()
rs_prop_pgo_replace(), overview
rs_prop_pgo_replace()
rs_prop_plcy
The rs_prop_plcy RPC Interface
Interface UUID and Version Number for rs_prop_plcy
rs_prop_plcy RPC interface
The rs_prop_plcy RPC Interface
rs_prop_plcy_set_dom_cache_info
rs_prop_plcy_set_dom_cache_info()
rs_prop_plcy_set_dom_cache_info(), overview
rs_prop_plcy_set_dom_cache_info()
rs_prop_plcy_set_info
rs_prop_plcy_set_info()
rs_prop_plcy_set_info(), overview
rs_prop_plcy_set_info()
rs_prop_properties_set_info
rs_prop_properties_set_info()
rs_prop_properties_set_info(), overview
rs_prop_properties_set_info()
rs_prop_replist
The rs_prop_replist RPC Interface
Interface UUID and Version Number for rs_prop_replist
rs_prop_replist RPC interface
The rs_prop_replist RPC Interface
rs_prop_replist_add_replica
rs_prop_replist_add_replica()
rs_prop_replist_add_replica(), overview
rs_prop_replist_add_replica()
rs_prop_replist_del_replica
rs_prop_replist_del_replica()
rs_prop_replist_del_replica(), overview
rs_prop_replist_del_replica()
rs_properties_get_info
rs_properties_get_info()
rs_properties_get_info(), overview
Policy Item, Policies and Properties; rs_policy RPC Interface
rs_properties_get_info()
rs_properties_get_info(), part of rs_login_get_info()
rs_login_get_info()
rs_properties_set_info
rs_properties_set_info()
rs_properties_set_info(), may modify RS data
sec_rgy_properties_flags_t
rs_properties_set_info(), overview
Policy Item, Policies and Properties; rs_policy RPC Interface
rs_properties_set_info()
rs_pwd_mgmt
The rs_pwd_mgmt RPC Interface
Common Data Types and Constants for rs_pwd_mgmt
Interface UUID and Version Number for rs_pwd_mgmt
rs_pwd_mgmt RPC interface
The rs_pwd_mgmt RPC Interface
rs_pwd_mgmt_plcy_t
rs_pwd_mgmt_plcy_t
rs_pwd_mgmt_plcy_t, data type
rs_pwd_mgmt_plcy_t
rs_pwd_mgmt_setup
rs_pwd_mgmt_setup()
rs_pwd_mgmt_setup(), overview
rs_pwd_mgmt_setup()
rs_qry
The rs_qry RPC Interface
Interface UUID and Version Number for rs_qry
rs_qry RPC interface
The rs_qry RPC Interface
rs_query_are_you_there
rs_query_are_you_there()
rs_query_are_you_there(), overview
rs_query_are_you_there()
rs_rep_admin_become_master
rs_rep_admin_become_master()
rs_rep_admin_become_master(), overview
rs_rep_admin_become_master()
rs_rep_admin_become_slave
rs_rep_admin_become_slave()
rs_rep_admin_become_slave(), overview
rs_rep_admin_become_slave()
rs_rep_admin_change_master
rs_rep_admin_change_master()
rs_rep_admin_change_master(), overview
rs_rep_admin_change_master()
rs_rep_admin_destroy
rs_rep_admin_destroy()
rs_rep_admin_destroy(), overview
rs_rep_admin_destroy()
rs_rep_admin_info
rs_rep_admin_info()
rs_rep_admin_info()
rs_rep_admin_info(), overview
rs_rep_admin_info()
rs_rep_admin_info()
rs_rep_admin_info_full
rs_rep_admin_info_full()
rs_rep_admin_info_full(), overview
rs_rep_admin_info_full()
rs_rep_admin_init_replica
rs_rep_admin_init_replica()
rs_rep_admin_init_replica(), overview
rs_rep_admin_init_replica()
rs_rep_admin_maint
rs_rep_admin_maint()
rs_rep_admin_maint()
rs_rep_admin_maint(), overview
rs_rep_admin_maint()
rs_rep_admin_maint()
rs_rep_admin_mkey
rs_rep_admin_mkey()
rs_rep_admin_mkey()
rs_rep_admin_mkey(), overview
rs_rep_admin_mkey()
rs_rep_admin_mkey()
rs_rep_admin_stop
rs_rep_admin_stop()
rs_rep_admin_stop()
rs_rep_admin_stop(), overview
rs_rep_admin_stop()
rs_rep_admin_stop()
rs_rep_mgr_become_master
rs_rep_mgr_become_master()
rs_rep_mgr_become_master(), overview
rs_rep_mgr_become_master()
rs_rep_mgr_copy_all
rs_rep_mgr_copy_all()
rs_rep_mgr_copy_all(), overview
rs_rep_mgr_copy_all()
rs_rep_mgr_copy_propq
rs_rep_mgr_copy_propq()
rs_rep_mgr_copy_propq(), overview
rs_rep_mgr_copy_propq()
rs_rep_mgr_get_info_and_creds
rs_rep_mgr_get_info_and_creds()
rs_rep_mgr_get_info_and_creds(), overview
rs_rep_mgr_get_info_and_creds()
rs_rep_mgr_i_am_master
rs_rep_mgr_i_am_master()
rs_rep_mgr_i_am_master(), overview
rs_rep_mgr_i_am_master()
rs_rep_mgr_i_am_slave
rs_rep_mgr_i_am_slave()
rs_rep_mgr_i_am_slave(), overview
rs_rep_mgr_i_am_slave()
rs_rep_mgr_init
rs_rep_mgr_init()
rs_rep_mgr_init(), overview
rs_rep_mgr_init()
rs_rep_mgr_init_done
rs_rep_mgr_init_done()
rs_rep_mgr_init_done(), overview
rs_rep_mgr_init_done()
rs_rep_mgr_stop_until_compat_sw
rs_rep_mgr_stop_until_compat_sw()
rs_rep_mgr_stop_until_compat_sw(), overview
rs_rep_mgr_stop_until_compat_sw()
rs_repadm
The rs_repadm RPC Interface
Common Data Types and Constants for rs_repadm
Interface UUID and Version Number for rs_repadm
rs_repadm RPC interface
The rs_repadm RPC Interface
rs_replica_auth_p_t
rs_replica_auth_t and rs_replica_auth_p_t
rs_replica_auth_p_t, data type
rs_replica_auth_t and rs_replica_auth_p_t
rs_replica_auth_t
rs_replica_auth_t and rs_replica_auth_p_t
rs_replica_auth_t, data type
rs_replica_auth_t and rs_replica_auth_p_t
rs_replica_comm_info_t
rs_replica_comm_info_t
rs_replica_comm_info_t, data type
rs_replica_comm_info_t
rs_replica_comm_t
rs_replica_comm_t
rs_replica_comm_t, data type
rs_replica_comm_t
rs_replica_info_t
rs_replica_info_t
rs_replica_info_t, data type
rs_replica_info_t
rs_replica_item_full_t
rs_replica_item_full_t
rs_replica_item_full_t, data type
rs_replica_item_full_t
rs_replica_item_p_t
rs_replica_item_t and rs_replica_item_p_t
rs_replica_item_p_t, data type
rs_replica_item_t and rs_replica_item_p_t
rs_replica_item_t
rs_replica_item_t and rs_replica_item_p_t
rs_replica_item_t, data type
rs_replica_item_t and rs_replica_item_p_t
rs_replica_master_info_p_t
rs_replica_master_info_t and rs_replica_master_info_p_t
rs_replica_master_info_p_t, data type
rs_replica_master_info_t and rs_replica_master_info_p_t
rs_replica_master_info_t
rs_replica_master_info_t and rs_replica_master_info_p_t
rs_replica_master_info_t, data type
rs_replica_master_info_t and rs_replica_master_info_p_t
rs_replica_name_p_t
rs_replica_name_p_t
rs_replica_name_p_t, data type
rs_replica_name_p_t
rs_replica_prop_info_t
rs_replica_prop_info_t
rs_replica_prop_info_t, data type
rs_replica_prop_info_t
rs_replica_prop_t
rs_replica_prop_t
rs_replica_prop_t, data type
rs_replica_prop_t
rs_replica_twr_vec_p_t
rs_replica_twr_vec_p_t
rs_replica_twr_vec_p_t, data type
rs_replica_twr_vec_p_t
rs_replist
The rs_replist RPC Interface
Common Data Types and Constants for rs_replist
Interface UUID and Version Number for rs_replist
rs_replist RPC interface
The rs_replist RPC Interface
rs_replist_add_replica
rs_replist_add_replica()
rs_replist_add_replica(), overview
rs_replist_add_replica()
rs_replist_delete_replica
rs_replist_delete_replica()
rs_replist_delete_replica(), overview
rs_replist_delete_replica()
rs_replist_read
rs_replist_read()
rs_replist_read(), overview
rs_replist_read()
rs_replist_read_full
rs_replist_read_full()
rs_replist_read_full(), overview
rs_replist_read_full()
rs_replist_replace_replica
rs_replist_replace_replica()
rs_replist_replace_replica(), overview
rs_replist_replace_replica()
rs_repmgr
The rs_repmgr RPC Interface
Common Data Types and Constants for rs_repmgr
Interface UUID and Version Number for rs_repmgr
rs_repmgr RPC interface
The rs_repmgr RPC Interface
rs_rpladmn
The rs_rpladmn RPC Interface
Interface UUID and Version Number for rs_rpladmn
rs_rpladmn RPC interface
The rs_rpladmn RPC Interface
rs_sw_version_t
rs_sw_version_t
rs_sw_version_t, data type
rs_sw_version_t
rs_unix
The rs_unix RPC Interface
Common Data Types and Constants for rs_unix
Interface UUID and Version Number for rs_unix
rs_unix RPC interface
The rs_unix RPC Interface
rs_unix_getmemberents
rs_unix_getmemberents()
rs_unix_getmemberents(), overview
rs_unix_getmemberents()
rs_unix_getpwents
rs_unix_getpwents()
rs_unix_getpwents(), overview
rs_unix_getpwents()
rs_unix_query_key_t
rs_unix_query_key_t
rs_unix_query_key_t, data type
rs_unix_query_key_t
rs_unix_query_t
rs_unix_query_t
rs_unix_query_t, data type
rs_unix_query_t
rs_update
The rs_update RPC Interface
Interface UUID and Version Number for rs_update
rs_update RPC interface
The rs_update RPC Interface
rs_update_seqno_t
rs_update_seqno_t
rs_update_seqno_t, data type
rs_update_seqno_t
rs_wait_until_consistent
rs_wait_until_consistent()
rs_wait_until_consistent(), overview
rs_wait_until_consistent()
rsec_id_gen_name
rsec_id_gen_name()
rsec_id_gen_name(), overview
ID Map Facility
rsec_id_gen_name()
rsec_id_gen_name_cache
rsec_id_gen_name_cache()
rsec_id_gen_name_cache(), overview
ID Map Facility
rsec_id_gen_name_cache()
rsec_id_output_selector_t
rsec_id_output_selector_t
rsec_id_output_selector_t, data type
rsec_id_output_selector_t
rsec_id_parse_name
rsec_id_parse_name()
rsec_id_parse_name(), overview
ID Map Facility
rsec_id_parse_name()
rsec_id_parse_name_cache
rsec_id_parse_name_cache()
rsec_id_parse_name_cache(), overview
ID Map Facility
rsec_id_parse_name_cache()
rule-based policy
Policy versus Service versus Mechanism
rules for inheritance of ACLs,
Object Types, ACL Types, and ACL Inheritance
s
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
S-boxes
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
salt
Third-Party Pre-Authentication Protocol
Registered Password-to-Key Mappings
salt, in RS information
RS Information
salt, zero-length
Registered Authentication Data Types
same cell, PTGS processing
PTGS Request/Response Processing
sample
Sample Cell Profile Entries
SCD
Login Facility and Security Client Daemon (SCD)
Login Facility and Security Client Daemon (SCD) RPC Interface
The scd RPC Interface
Common Data Types and Constants for scd Interface
Interface UUID and Version Number for scd Interface
scd RPC interface
The scd RPC Interface
scd_protected_noop
scd_protected_noop()
scd_protected_noop(), overview
Delegation-Related Functions
scd_protected_noop()
scenario
The Complete Cross-cell Scenario
schedule
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
schema
Attribute Schema
Schema Entries
Schemas for Well-Known Attributes
attribute schema
schema
schema entry
schema object
Schemas, Well-known Attributes
Schemas for Well-Known Attributes
scientific notation, in example
Use of Pseudocode
scope
Attribute Scope
scramble
Encoding/Decoding and Encryption/Decryption of Messages
seal
Supported Seal Types
EPAC Seal
Seal, List of
List of Seals
seals
List of Seals
seat portability
Minimum Implementation Requirements
sec-junction
Integration with Naming Services
sec_rgy_handle_t
RS Binding; rs_bind Interface and sec_rgy_bind API
sec_acl
ACL Editors
sec_acl, enumeration of functions
ACL Editors
sec_acl, one-way authentication
ACL Editors
sec_acl_bind
sec_acl_bind
sec_acl_bind(), overview
ACL Editors
sec_acl_bind_to_addr
sec_acl_bind_to_addr
sec_acl_bind_to_addr(), overview
ACL Editors
sec_acl_calc_mask
sec_acl_calc_mask
sec_acl_calc_mask(), and POSIX
ACL Editors
sec_acl_calc_mask(), overview
ACL Editors
sec_acl_component_name_t
sec_acl_component_name_t
sec_acl_component_name_t,
sec_acl_component_name_t
sec_acl_entry_t,
ACLEs
sec_acl_entry_type_t,
ACLE Types
sec_acl_get_access
sec_acl_get_access
sec_acl_get_access(), overview
ACL Editors
sec_acl_get_error_info
sec_acl_get_error_info
sec_acl_get_error_info(), overview
ACL Editors
sec_acl_get_manager_types
sec_acl_get_manager_types
sec_acl_get_manager_types(), overview
ACL Editors
sec_acl_get_mgr_types_semantics
sec_acl_get_mgr_types_semantics
sec_acl_get_mgr_types_semantics(), overview
ACL Editors
sec_acl_get_printstring
sec_acl_get_printstring
sec_acl_get_printstring(), overview
ACL Editors
sec_acl_list_t
sec_acl_list_t
sec_acl_list_t,
sec_acl_list_t
sec_acl_lookup
sec_acl_lookup
sec_acl_lookup(), overview
ACL Editors
sec_acl_p_t
sec_acl_p_t
sec_acl_p_t,
sec_acl_p_t
sec_acl_perm_ bits,
Common Permissions
sec_acl_permset_t,
ACLE Permission Sets
sec_acl_posix_semantics_t
sec_acl_posix_semantics_t
sec_acl_posix_semantics_t,
sec_acl_posix_semantics_t
sec_acl_printstring_t,
Printstrings and Helpstrings
sec_acl_release
sec_acl_release
sec_acl_release(), overview
ACL Editors
sec_acl_release_handle
sec_acl_release_handle
sec_acl_release_handle(), overview
ACL Editors
sec_acl_replace
sec_acl_replace
sec_acl_replace(), overview
ACL Editors
sec_acl_result_t
sec_acl_result_t
sec_acl_result_t,
sec_acl_result_t
sec_acl_t,
ACLs
sec_acl_test_access
sec_acl_test_access
sec_acl_test_access(), overview
ACL Editors
sec_acl_test_access_on_behalf
sec_acl_test_access_on_behalf
sec_acl_test_access_on_behalf(), overview
ACL Editors
sec_acl_tower_set_t
sec_acl_tower_set_t
sec_acl_tower_set_t,
sec_acl_tower_set_t
sec_acl_twr_ref_t
sec_acl_twr_ref_t
sec_acl_twr_ref_t,
sec_acl_twr_ref_t
sec_acl_type_t,
ACL Types
sec_attr_acl_mgr_info_p_t, data type
sec_attr_acl_mgr_info_t
sec_attr_acl_mgr_info_set_t
sec_attr_acl_mgr_info_set_t
sec_attr_acl_mgr_info_set_t, data type
sec_attr_acl_mgr_info_set_t
sec_attr_acl_mgr_info_t
sec_attr_acl_mgr_info_t
sec_attr_acl_mgr_info_t, data type
sec_attr_acl_mgr_info_t
sec_attr_bind_auth_info_t
sec_attr_bind_auth_info_t
sec_attr_bind_auth_info_t, data type
sec_attr_bind_auth_info_t
sec_attr_bind_auth_info_type_t
sec_attr_bind_auth_info_type_t
sec_attr_bind_auth_info_type_t, data type
sec_attr_bind_auth_info_type_t
sec_attr_bind_info_t
sec_attr_bind_info_t
sec_attr_bind_info_t, data type
sec_attr_bind_info_t
sec_attr_bind_svrname
sec_attr_bind_svrname
sec_attr_bind_svrname, data type
sec_attr_bind_svrname
sec_attr_bind_type_t
sec_attr_bind_type_t
sec_attr_bind_type_t, data type
sec_attr_bind_type_t
sec_attr_binding_t
sec_attr_binding_t
sec_attr_binding_t, data type
sec_attr_binding_t
sec_attr_component_name_t
sec_attr_component_name_t
sec_attr_component_name_t, data type
sec_attr_component_name_t
sec_attr_enc_attr_set_t
sec_attr_enc_attr_set_t
sec_attr_enc_attr_set_t, data type
sec_attr_enc_attr_set_t
sec_attr_enc_bytes_t
sec_attr_enc_bytes_t
sec_attr_enc_bytes_t, data type
sec_attr_enc_bytes_t
sec_attr_enc_printstring_p_t
sec_attr_enc_printstring_p_t
sec_attr_enc_printstring_p_t, data type
sec_attr_enc_printstring_p_t
sec_attr_enc_str_array_t
sec_attr_enc_str_array_t
sec_attr_enc_str_array_t, data type
sec_attr_enc_str_array_t
sec_attr_encoding_t
sec_attr_encoding_t
sec_attr_encoding_t, data type
sec_attr_encoding_t
sec_attr_i18n_data_t
sec_attr_i18n_data_t
sec_attr_i18n_data_t, data type
sec_attr_i18n_data_t
sec_attr_intercell_action_t
sec_attr_intercell_action_t
sec_attr_intercell_action_t, data type
sec_attr_intercell_action_t
sec_attr_sch_entry_flags_t
sec_attr_sch_entry_flags_t
sec_attr_sch_entry_flags_t, data type
sec_attr_sch_entry_flags_t
sec_attr_schema_entry_parts_t
sec_attr_schema_entry_parts_t
sec_attr_schema_entry_parts_t, data type
sec_attr_schema_entry_parts_t
sec_attr_schema_entry_t
sec_attr_schema_entry_t
sec_attr_schema_entry_t, data type
sec_attr_schema_entry_t
sec_attr_t
sec_attr_t
sec_attr_t, data type
sec_attr_t
sec_attr_trig_type_flags_t
sec_attr_trig_type_flags_t
sec_attr_trig_type_flags_t, data type
sec_attr_trig_type_flags_t
sec_attr_twr_ref_t
sec_attr_twr_ref_t
sec_attr_twr_ref_t, data type
sec_attr_twr_ref_t
sec_attr_twr_set_p_t, data type
sec_attr_twr_set_t
sec_attr_twr_set_t
sec_attr_twr_set_t
sec_attr_twr_set_t, data type
sec_attr_twr_set_t
sec_attr_value_t
sec_attr_value_t
sec_attr_value_t, data type
sec_attr_value_t
sec_attr_vec_t
sec_attr_vec_t
sec_attr_vec_t, data type
sec_attr_vec_t
sec_bytes_t
sec_bytes_t
sec_bytes_t, data type
sec_bytes_t
sec_chksum_t
sec_chksum_t
sec_chksum_t, data type
sec_chksum_t
sec_chksum_type_t
sec_chksum_type_t
sec_chksum_type_t, data type
sec_chksum_type_t
sec_cred
The sec_cred API for Abstracting EPAC Contents
EPAC Accessor Function (sec_cred) API
sec_cred_free_attr_cursor
sec_cred_free_attr_cursor
sec_cred_free_cursor
sec_cred_free_cursor
sec_cred_free_pa_handle
sec_cred_free_pa_handle
sec_cred_get_authz_session_info
sec_cred_get_authz_session_info
sec_cred_get_client_princ_name
sec_cred_get_client_princ_name
sec_cred_get_deleg_restrictions
sec_cred_get_deleg_restrictions
sec_cred_get_delegate
sec_cred_get_delegate
sec_cred_get_delegation_type
sec_cred_get_delegation_type
sec_cred_get_extended_attrs
sec_cred_get_extended_attrs
sec_cred_get_initiator
sec_cred_get_initiator
sec_cred_get_opt_restrictions
sec_cred_get_opt_restrictions
sec_cred_get_pa_data
sec_cred_get_pa_data
sec_cred_get_req_restrictions
sec_cred_get_req_restrictions
sec_cred_get_tgt_restrictions
sec_cred_get_tgt_restrictions
sec_cred_get_v1_pac
sec_cred_get_v1_pac
sec_cred_initialize_attr_cursor
sec_cred_initialize_attr_cursor
sec_cred_initialize_cursor
sec_cred_initialize_cursor
sec_cred_is_authenticated
sec_cred_is_authenticated
sec_encrypted_bytes_t
sec_encrypted_bytes_t
sec_encrypted_bytes_t, data type
sec_encrypted_bytes_t
sec_etype_t
sec_etype_t
sec_etype_t, data type
sec_etype_t
sec_id API
ID Map Facility
sec_id_gen_group
sec_id_gen_group
sec_id_gen_group(), overview
ID Map Facility
sec_id_gen_name
sec_id_gen_name
sec_id_gen_name(), overview
ID Map Facility
sec_id_parse_group
sec_id_parse_group
sec_id_parse_group(), overview
ID Map Facility
sec_id_parse_name
sec_id_parse_name
sec_id_parse_name(), overview
ID Map Facility
sec_key_mgmt API
Key Management Facility
sec_key_mgmt_change_key
sec_key_mgmt_change_key
sec_key_mgmt_change_key(), overview
Key Management Facility
sec_key_mgmt_delete_key
sec_key_mgmt_delete_key
sec_key_mgmt_delete_key(), overview
Key Management Facility
sec_key_mgmt_delete_key_type
sec_key_mgmt_delete_key_type
sec_key_mgmt_delete_key_type(), overview
Key Management Facility
sec_key_mgmt_free_key
sec_key_mgmt_free_key
sec_key_mgmt_free_key(), overview
Key Management Facility
sec_key_mgmt_garbage_collect
sec_key_mgmt_garbage_collect
sec_key_mgmt_garbage_collect(), overview
Key Management Facility
sec_key_mgmt_gen_rand_key
sec_key_mgmt_gen_rand_key
sec_key_mgmt_gen_rand_key(), overview
Key Management Facility
sec_key_mgmt_get_key
sec_key_mgmt_get_key
sec_key_mgmt_get_key(), overview
Key Management Facility
sec_key_mgmt_get_next_key
sec_key_mgmt_get_next_key
sec_key_mgmt_get_next_key(), overview
Key Management Facility
sec_key_mgmt_get_next_kvno
sec_key_mgmt_get_next_kvno
sec_key_mgmt_get_next_kvno(), overview
Key Management Facility
sec_key_mgmt_initialize_cursor
sec_key_mgmt_initialize_cursor
sec_key_mgmt_initialize_cursor(), overview
Key Management Facility
sec_key_mgmt_manage_key
sec_key_mgmt_manage_key
sec_key_mgmt_manage_key(), overview
Key Management Facility
sec_key_mgmt_release_cursor
sec_key_mgmt_release_cursor
sec_key_mgmt_release_cursor(), overview
Key Management Facility
sec_key_mgmt_set_key
sec_key_mgmt_set_key
sec_key_mgmt_set_key(), overview
Key Management Facility
sec_key_version_t
sec_key_version_t
sec_key_version_t, data type
sec_key_version_t
sec_login API
Login Facility and Security Client Daemon (SCD)
sec_login API, used during login
Login Facility and Security Client Daemon (SCD)
sec_login Extensions
Enabling and Disabling Delegation
sec_login_become_delegate
sec_login_become_delegate
sec_login_become_delegate(), overview
Delegation-Related Functions
sec_login_become_impersonator
sec_login_become_impersonator
sec_login_become_impersonator(), overview
Delegation-Related Functions
sec_login_become_initiator
sec_login_become_initiator
sec_login_become_initiator(), overview
Delegation-Related Functions
sec_login_certify_identity
sec_login_certify_identity
sec_login_certify_identity(), and process privilege
Further Discussion of Certification
sec_login_certify_identity(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_cred_get_delegate
sec_login_cred_get_delegate
sec_login_cred_get_delegate(), overview
Delegation-Related Functions
sec_login_cred_get_initiator
sec_login_cred_get_initiator
sec_login_cred_get_initiator(), overview
Delegation-Related Functions
sec_login_cred_init_cursor
sec_login_cred_init_cursor
sec_login_cred_init_cursor(), overview
Delegation-Related Functions
sec_login_disable_delegation
sec_login_disable_delegation
sec_login_disable_delegation(), overview
Delegation-Related Functions
sec_login_export_context
sec_login_export_context
sec_login_export_context(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_free_net_info
sec_login_free_net_info
sec_login_free_net_info(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_get_current_context
sec_login_get_current_context
sec_login_get_current_context(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_get_expiration
sec_login_get_expiration
sec_login_get_expiration(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_get_groups
sec_login_get_groups
sec_login_get_groups(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_get_pwent
sec_login_get_pwent
sec_login_get_pwent(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_import_context
sec_login_import_context
sec_login_import_context(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_init_first
sec_login_init_first
sec_login_init_first(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_inquire_net_info
sec_login_inquire_net_info
sec_login_inquire_net_info(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_newgroups
sec_login_newgroups
sec_login_newgroups(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_purge_context
sec_login_purge_context
sec_login_purge_context(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_purge_context_exp
sec_login_purge_context_exp
sec_login_purge_context_exp(), overview
Delegation-Related Functions
sec_login_refresh_identity
sec_login_refresh_identity
sec_login_refresh_identity(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_release_context
sec_login_release_context
sec_login_release_context(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_set_context
sec_login_set_context
sec_login_set_context(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_set_extended_attrs
sec_login_set_extended_attrs
sec_login_set_extended_attrs(), overview
Delegation-Related Functions
sec_login_setup_first
sec_login_setup_first
sec_login_setup_first(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_setup_identity
sec_login_setup_identity
sec_login_setup_identity(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_tkt_request_options
sec_login_tkt_request_options
sec_login_tkt_request_options(), overview
Delegation-Related Functions
sec_login_valid_and_cert_ident
sec_login_valid_and_cert_ident
sec_login_valid_and_cert_ident(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_valid_and_cert_ident(), reason for being privileged
Further Discussion of Certification
sec_login_validate_first
sec_login_validate_first
sec_login_validate_first(), overview
Login Facility and Security Client Daemon (SCD)
sec_login_validate_identity
sec_login_validate_identity
sec_login_validate_identity(), overview
Login Facility and Security Client Daemon (SCD)
sec_passwd_des_key_t
sec_passwd_des_key_t
sec_passwd_des_key_t, data type
sec_passwd_des_key_t
sec_passwd_rec_t
sec_passwd_rec_t
sec_passwd_rec_t, data type
sec_passwd_rec_t
sec_passwd_type_t
sec_passwd_type_t
sec_passwd_type_t, data type
sec_passwd_type_t
sec_passwd_version_t
sec_passwd_version_t
sec_passwd_version_t, data type
sec_passwd_version_t
sec_rgy_acct_add
sec_rgy_acct_add
sec_rgy_acct_admin_flags_t
sec_rgy_acct_admin_flags_t
sec_rgy_acct_admin_flags_t, data type
sec_rgy_acct_admin_flags_t
sec_rgy_acct_admin_replace
sec_rgy_acct_admin_replace
sec_rgy_acct_admin_t
sec_rgy_acct_admin_t
sec_rgy_acct_admin_t, data type
sec_rgy_acct_admin_t
sec_rgy_acct_auth_flags_t
sec_rgy_acct_auth_flags_t
sec_rgy_acct_auth_flags_t, data type
sec_rgy_acct_auth_flags_t
sec_rgy_acct_delete
sec_rgy_acct_delete
sec_rgy_acct_get_projlist
sec_rgy_acct_get_projlist
sec_rgy_acct_key_t
sec_rgy_acct_key_t
sec_rgy_acct_key_t, data type
sec_rgy_acct_key_t
sec_rgy_acct_lookup
sec_rgy_acct_lookup
sec_rgy_acct_passwd
sec_rgy_acct_passwd
sec_rgy_acct_rename
sec_rgy_acct_rename
sec_rgy_acct_replace_all
sec_rgy_acct_replace_all
sec_rgy_acct_user_flags_t
sec_rgy_acct_user_flags_t
sec_rgy_acct_user_flags_t, data type
sec_rgy_acct_user_flags_t
sec_rgy_acct_user_replace
sec_rgy_acct_user_replace
sec_rgy_acct_user_t
sec_rgy_acct_user_t
sec_rgy_acct_user_t, data type
sec_rgy_acct_user_t
sec_rgy_attr_cursor_alloc
sec_rgy_attr_cursor_alloc
sec_rgy_attr_cursor_init
sec_rgy_attr_cursor_init
sec_rgy_attr_cursor_release
sec_rgy_attr_cursor_release
sec_rgy_attr_cursor_reset
sec_rgy_attr_cursor_reset
sec_rgy_attr_delete
sec_rgy_attr_delete
sec_rgy_attr_get_effective
sec_rgy_attr_get_effective
sec_rgy_attr_lookup_by_id
sec_rgy_attr_lookup_by_id
sec_rgy_attr_lookup_by_name
sec_rgy_attr_lookup_by_name
sec_rgy_attr_lookup_no_expand
sec_rgy_attr_lookup_no_expand
sec_rgy_attr_sch_aclmgr_strings
sec_rgy_attr_sch_aclmgr_strings
sec_rgy_attr_sch_create_entry
sec_rgy_attr_sch_create_entry
sec_rgy_attr_sch_cursor_alloc
sec_rgy_attr_sch_cursor_alloc
sec_rgy_attr_sch_cursor_init
sec_rgy_attr_sch_cursor_init
sec_rgy_attr_sch_cursor_release
sec_rgy_attr_sch_cursor_release
sec_rgy_attr_sch_cursor_reset
sec_rgy_attr_sch_cursor_reset
sec_rgy_attr_sch_delete_entry
sec_rgy_attr_sch_delete_entry
sec_rgy_attr_sch_get_acl_mgrs
sec_rgy_attr_sch_get_acl_mgrs
sec_rgy_attr_sch_lookup_by_id
sec_rgy_attr_sch_lookup_by_id
sec_rgy_attr_sch_lookup_by_name
sec_rgy_attr_sch_lookup_by_name
sec_rgy_attr_sch_scan
sec_rgy_attr_sch_scan
sec_rgy_attr_sch_update_entry
sec_rgy_attr_sch_update_entry
sec_rgy_attr_test_and_update
sec_rgy_attr_test_and_update
sec_rgy_attr_update
sec_rgy_attr_update
sec_rgy_auth_plcy_get_effective
sec_rgy_auth_plcy_get_effective
sec_rgy_auth_plcy_get_info
sec_rgy_auth_plcy_get_info
sec_rgy_auth_plcy_set_info
sec_rgy_auth_plcy_set_info
sec_rgy_bind
RS Binding; rs_bind Interface and sec_rgy_bind API
sec_rgy_bind interface
RS Binding; rs_bind Interface and sec_rgy_bind API
sec_rgy_cell_bind
sec_rgy_cell_bind
sec_rgy_cell_bind(), overview
RS Binding; rs_bind Interface and sec_rgy_bind API
sec_rgy_cursor_reset
sec_rgy_cursor_reset
sec_rgy_cursor_t
sec_rgy_cursor_t
sec_rgy_cursor_t, data type
sec_rgy_cursor_t
sec_rgy_domain_t
sec_rgy_domain_t
sec_rgy_domain_t, data type
sec_rgy_domain_t
sec_rgy_foreign_id_t
sec_rgy_foreign_id_t
sec_rgy_foreign_id_t, data type
sec_rgy_foreign_id_t
sec_rgy_handle_t
sec_rgy_handle_t
sec_rgy_login_get_effective
sec_rgy_login_get_effective
sec_rgy_login_get_info
sec_rgy_login_get_info
sec_rgy_login_name_t
sec_rgy_login_name_t
sec_rgy_login_name_t, data type
sec_rgy_login_name_t
sec_rgy_member_buf_t
sec_rgy_member_buf_t
sec_rgy_member_buf_t, data type
sec_rgy_member_buf_t
sec_rgy_member_t
sec_rgy_member_t
sec_rgy_member_t, data type
sec_rgy_member_t
sec_rgy_name_t, data type
sec_rgy_name_t-Short and Long PGO Names
sec_rgy_name_t-Short
sec_rgy_name_t-Short and Long PGO Names
sec_rgy_pgo_add
sec_rgy_pgo_add
sec_rgy_pgo_add_member
sec_rgy_pgo_add_member
sec_rgy_pgo_delete
sec_rgy_pgo_delete
sec_rgy_pgo_delete_member
sec_rgy_pgo_delete_member
sec_rgy_pgo_flags_t
sec_rgy_pgo_flags_t
sec_rgy_pgo_flags_t, data type
sec_rgy_pgo_flags_t
sec_rgy_pgo_get_by_eff_unix_num
sec_rgy_pgo_get_by_eff_unix_num
sec_rgy_pgo_get_by_id
sec_rgy_pgo_get_by_id
sec_rgy_pgo_get_by_name
sec_rgy_pgo_get_by_name
sec_rgy_pgo_get_by_unix_num
sec_rgy_pgo_get_by_unix_num
sec_rgy_pgo_get_members
sec_rgy_pgo_get_members
sec_rgy_pgo_get_next
sec_rgy_pgo_get_next
sec_rgy_pgo_id_to_name
sec_rgy_pgo_id_to_name
sec_rgy_pgo_id_to_unix_num
sec_rgy_pgo_id_to_unix_num
sec_rgy_pgo_is_member
sec_rgy_pgo_is_member
sec_rgy_pgo_item_t
sec_rgy_pgo_item_t
sec_rgy_pgo_item_t, data type
sec_rgy_pgo_item_t
sec_rgy_pgo_name_to_id
sec_rgy_pgo_name_to_id
sec_rgy_pgo_name_to_unix_num
sec_rgy_pgo_name_to_unix_num
sec_rgy_pgo_rename
sec_rgy_pgo_rename
sec_rgy_pgo_replace
sec_rgy_pgo_replace
sec_rgy_pgo_unix_num_to_id
sec_rgy_pgo_unix_num_to_id
sec_rgy_pgo_unix_num_to_name
sec_rgy_pgo_unix_num_to_name
sec_rgy_plcy_auth_t
sec_rgy_plcy_auth_t
sec_rgy_plcy_auth_t, data type
sec_rgy_plcy_auth_t
sec_rgy_plcy_get_effective
sec_rgy_plcy_get_effective
sec_rgy_plcy_get_info
sec_rgy_plcy_get_info
sec_rgy_plcy_pwd_flags_t
sec_rgy_plcy_pwd_flags_t
sec_rgy_plcy_pwd_flags_t, data type
sec_rgy_plcy_pwd_flags_t
sec_rgy_plcy_set_info
sec_rgy_plcy_set_info
sec_rgy_plcy_t
sec_rgy_plcy_t
sec_rgy_plcy_t, data type
sec_rgy_plcy_t
sec_rgy_pname_t
sec_rgy_pname_t
sec_rgy_pname_t, data type
sec_rgy_pname_t
sec_rgy_properties_flags_t
sec_rgy_properties_flags_t
sec_rgy_properties_flags_t, data type
sec_rgy_properties_flags_t
sec_rgy_properties_get_info
sec_rgy_properties_get_info
sec_rgy_properties_set_info
sec_rgy_properties_set_info
sec_rgy_properties_t
sec_rgy_properties_t
sec_rgy_properties_t, data type
sec_rgy_properties_t
sec_rgy_sid_t
sec_rgy_sid_t
sec_rgy_sid_t, data type
sec_rgy_sid_t
sec_rgy_site_bind
sec_rgy_site_bind
sec_rgy_site_bind(), overview
RS Binding; rs_bind Interface and sec_rgy_bind API
sec_rgy_site_bind_update
sec_rgy_site_bind_update
sec_rgy_site_bind_update(), overview
RS Binding; rs_bind Interface and sec_rgy_bind API
sec_rgy_site_binding_get_info
sec_rgy_site_binding_get_info
sec_rgy_site_binding_get_info(), overview
RS Binding; rs_bind Interface and sec_rgy_bind API
sec_rgy_site_close
sec_rgy_site_close
sec_rgy_site_close(), overview
RS Binding; rs_bind Interface and sec_rgy_bind API
sec_rgy_site_get
sec_rgy_site_get
sec_rgy_site_is_readonly
sec_rgy_site_is_readonly
sec_rgy_site_is_readonly(), overview
RS Binding; rs_bind Interface and sec_rgy_bind API
sec_rgy_site_open
sec_rgy_site_open
sec_rgy_site_open(), overview
RS Binding; rs_bind Interface and sec_rgy_bind API
sec_rgy_site_open_query
sec_rgy_site_open_query
sec_rgy_site_open_update
sec_rgy_site_open_update
sec_rgy_site_open_update(), overview
RS Binding; rs_bind Interface and sec_rgy_bind API
sec_rgy_unix_gecos_t
sec_rgy_unix_gecos_t
sec_rgy_unix_gecos_t, data type
sec_rgy_unix_gecos_t
sec_rgy_unix_getgrgid
sec_rgy_unix_getgrgid
sec_rgy_unix_getgrnam
sec_rgy_unix_getgrnam
sec_rgy_unix_getpwnam
sec_rgy_unix_getpwnam
sec_rgy_unix_getpwuid
sec_rgy_unix_getpwuid
sec_rgy_unix_group_t
sec_rgy_unix_group_t
sec_rgy_unix_group_t, data type
sec_rgy_unix_group_t
sec_rgy_unix_login_name_t
sec_rgy_unix_login_name_t
sec_rgy_unix_login_name_t, data type
sec_rgy_unix_login_name_t
sec_rgy_unix_passwd_buf_t
sec_rgy_unix_passwd_buf_t
sec_rgy_unix_passwd_buf_t, data type
sec_rgy_unix_passwd_buf_t
sec_rgy_unix_passwd_t
sec_rgy_unix_passwd_t
sec_rgy_unix_passwd_t, data type
sec_rgy_unix_passwd_t
sec_rgy_unix_sid_t
sec_rgy_unix_sid_t
sec_rgy_unix_sid_t, data type
sec_rgy_unix_sid_t
sec_rgy_wait_until_consistent
sec_rgy_wait_until_consistent
sec_timeval_period_t
sec_timeval_period_t
sec_timeval_period_t, data type
sec_timeval_period_t
sec_timeval_sec_t
sec_timeval_sec_t
sec_timeval_sec_t, data type
sec_timeval_sec_t
sec_timeval_t
sec_timeval_t
secidmap
The secidmap RPC Interface
Common Data Types and Constants for the secidmap Interface
Interface UUID and Version Number for the secidmap Interface
secidmap RPC interface
The secidmap RPC Interface
second
Second Step: Matching
Combined First and Second Steps
secondary group UUID,
Privilege (Authorisation) Service (PS)
secondary group, in account item
Accounts; rs_acct RPC interface
secrecy
Security Attributes: Authenticity, Integrity, Confidentiality
secret
secret
secret,
Untrusted Environments: A Priori Trust and Trust Chains
secret, role in building trust chain
Distributed Security: Secrets and Cryptology
secret-key certificate
The use-session-key Option
secrets
Distributed Security: Secrets and Cryptology
secure
Security Attributes: Authenticity, Integrity, Confidentiality
secure
security
Introduction to Security Services
Security Attributes: Authenticity, Integrity, Confidentiality
Distributed Security: Secrets and Cryptology
Key-based Security: Kerckhoffs' Doctrine
DCE Security Model
Login Facility and Security Client Daemon (SCD)
Security Services and Protocols
DCE Security Replication and Propagation
Locate a Security Server
Security in the CL RPC Protocol
Security in the CO RPC Protocol
Login Facility and Security Client Daemon (SCD) RPC Interface
Security Application Programming Interface
Miscellaneous Routines Needed for DCE Security
security client daemon (SCD),
Login Facility and Security Client Daemon (SCD)
security context
Login Facility and Security Client Daemon (SCD)
security junction RPC group
Integration with Naming Services
security services, introduction
Introduction to Security Services
security, attribute
Security Attributes: Authenticity, Integrity, Confidentiality
security, based on time
Integration with Time Services
security, distributed
Distributed Security: Secrets and Cryptology
security, generalities
Generalities on Security-The Architecture of Trust
security, integration with naming services
Integration with Naming Services
security, integration with RPC
Integration with RPC Services
security, level provided by DES
Data Encryption Standard (DES)
security, logical
Distributed Security: Secrets and Cryptology
security, model
DCE Security Model
security, of cross-cell authentication step
Cross-Cell Authentication
security, of non-memorisable password
Key Management Facility
security, of time source
Integration with Time Services
security, physical
Untrusted Environments: A Priori Trust and Trust Chains
security, verifier (PDU)
What is Specified in this Chapter
security, versus performance
Protected RPC
Security-Related
Cryptography- and Security-Related Data Types
Security-The
Generalities on Security-The Architecture of Trust
Security-Version
Security-Version (Version 2) UUIDs
security-version UUID
Security-Version (Version 2) UUIDs
seed
Registered Password-to-Key Mappings
seed, DES
CBC Mode
seed, of CRC
Cyclic Redundancy Checksums
Selection/Substitution
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
selector, in secidmap interface
rsec_id_output_selector_t
self, trust in
Untrusted Environments: A Priori Trust and Trust Chains
semantic information, in ID map facility
ID Map Facility
semantic representation (encoding)
Encoding/Decoding and Encryption/Decryption of Messages
semantics of permission
ACL Managers, Permissions, Access Determination Algorithms
semantics, of permission
Common Permissions
Supported Permissions
Semi-Weak
Semi-Weak Keys
semi-weak keys,
Semi-Weak Keys
sends
Client Sends AS Request to KDS
KDS Server Receives AS Request and Sends AS Response
Client Sends Authentication Header
Server Receives Authentication Header and Sends Reverse-Authentication Header
Client Sends TGS Request
KDS Server Receives TGS Request and Sends TGS Response
Client Sends PTGS Request
PS Server Receives PTGS Request and Sends PTGS Response
Client Sends Privilege Authentication Header
Server Receives Privilege Authentication Header and Sends Privilege Reverse-Authentication Header
separator, in cell name
Cell Names
sequence
Sequence Numbers
sequence number, checked by KDS server
KDS Server Receives TGS Request and Sends TGS Response
sequence number, data type
Sequence Numbers
sequence,
Sequences
sequence, and endianness
Integer Representations (Endianness)
SEQUENCE, denoting field element
Key Distribution (Authentication) Services
sequences
Sequences
server
DCE Security Model
Server
Server Side
KDS Server Receives AS Request and Sends AS Response
Server Receives Authentication Header and Sends Reverse-Authentication Header
KDS Server Receives TGS Request and Sends TGS Response
PS Server Receives PTGS Request and Sends PTGS Response
Server Receives Privilege Authentication Header and Sends Privilege Reverse-Authentication Header
Locate a Security Server
server cell, in TGS response
Client Receives TGS Response
server name, checked by KDS server
KDS Server Receives TGS Request and Sends TGS Response
server name, in TGS response
Client Receives TGS Response
server name, not a parameter in sec_acl
ACL Editors
server name, versus CDS-registered service name
Integration with Naming Services
server, in CL context
CL Establishment of Credentials (Conversation Manager)
server, in KDS Error message
KDS Error Processing
server, in transit path
Registered Transit Path Types
server, readable/writable
RS Binding; rs_bind Interface and sec_rgy_bind API
server, receives authentication header
Server Receives Authentication Header and Sends Reverse-Authentication Header
server, receives PA header
Server Receives Privilege Authentication Header and Sends Privilege Reverse-Authentication Header
server, receives PTGS request
PS Server Receives PTGS Request and Sends PTGS Response
server, security
DCE Security Model
server, targeted
Kerberos Key Distribution (Authentication) Service (KDS)
Tickets, Keys, and Cross-Registration
servers
Binding to TCB Servers
Binding to ACL Servers
service
Policy versus Service versus Mechanism
Kerberos Key Distribution (Authentication) Service (KDS)
Privilege (Authorisation) Service (PS)
Registration Service (RS) and RS Editors
PAC-Based Privilege Service (PS)
PTGS Service
Name Service Registration
assured service
denial of service
distributed time service (DTS)
intermediate service
service
service name, RPC
Fundamental Concepts
PAC-Based Privilege Service (PS)
service request, failed
KDS Errors
service request/response
Kerberos Key Distribution (Authentication) Service (KDS)
service ticket,
Kerberos Key Distribution (Authentication) Service (KDS)
service,
Policy versus Service versus Mechanism
service, assured
Security Attributes: Authenticity, Integrity, Confidentiality
service, examples
Policy versus Service versus Mechanism
service, PTGS
PTGS Service
service, request/response
Privilege (Authorisation) Service (PS)
service-ticket
Tickets, Keys, and Cross-Registration
serviceability permission
Supported Permissions
services
Introduction to Security Services
Integration with Time Services
Integration with RPC Services
Integration with Naming Services
Security Services and Protocols
Key Distribution (Authentication) Services
AS and TGS Services
Privilege (Authorisation) Services
Registered Authentication Services
Registered Authorisation Services
session
session
session key
Kerberos Key Distribution (Authentication) Service (KDS)
Tickets, Keys, and Cross-Registration
session key,
DCE Security Model
session key, distributed by KDS
Kerberos Key Distribution (Authentication) Service (KDS)
session key, generation
KDS Server Receives AS Request and Sends AS Response
session key, in AS response
Kerberos Key Distribution (Authentication) Service (KDS)
session key, in Kerberos protocol
Kerberos Key Distribution (Authentication) Service (KDS)
session key, in TGS response
Kerberos Key Distribution (Authentication) Service (KDS)
Client Receives TGS Response
session key, use (authentication header flag)
The use-session-key Option
session,
DCE Security Model
set
Set of Delegation and Target Restrictions
Set of Extended PACs (EPACs)
Delegation Token Set
attribute set
set, ACLE permission
ACLE Permission Sets
sets
Linking EPAC Sets to Tickets
Attribute Sets
ACLE Permission Sets
shadow
sec_rgy_properties_flags_t
shadow password
sec_rgy_properties_flags_t
shape model, trusted
RS Information
shared state
Conversation Manager out_data
shell
sec_rgy_acct_user_t
shift
Bitwise Operations and Rotations
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
shift schedule
Key Schedule (KS): Permuted Choices (PC1, PC2) and Left Shift (LS)
short PGO name
sec_rgy_name_t-Short and Long PGO Names
short-term key
Kerberos Key Distribution (Authentication) Service (KDS)
Tickets, Keys, and Cross-Registration
shortword,
Bits, Bytes, Words, and so on
side
Client Side
Server Side
signature
Signature of padata Field
signature
signature,
Message Digests 4 and 5 (MD4, MD5)
simple
simple object
simple object,
Object Types, ACL Types, and ACL Inheritance
site
site administrator
site, synonymous with server
RS Binding; rs_bind Interface and sec_rgy_bind API
skew
Kerberos Key Distribution (Authentication) Service (KDS)
Integration with Time Services
Timestamps, Microseconds, and Clock Skew
Maximum Allowable Clock Skew
skew,
Maximum Allowable Clock Skew
skew, in RS information
RS Information
slave
Slave Replica
slave RS server
RS Binding; rs_bind Interface and sec_rgy_bind API
so
Bits, Bytes, Words, and so on
some
Some Special Functions
Some Special Functions
Some Basic Data Types
space character, prohibited in password
sec_rgy_plcy_pwd_flags_t
space, in transit path
Registered Transit Path Types
special
Some Special Functions
Some Special Functions
specific
Status Codes Specific to Delegation
specification
Versions and Issues of Specifications
Outline of the Remainder of this Chapter, and of this Specification
specificity, of ACLEs
Common ACLs
specified
What is Specified in this Chapter
spoof
DCE Security Model
standard
The Development of Product Standards
Data Encryption Standard (DES)
data encryption standard (DES)
start time
Kerberos Key Distribution (Authentication) Service (KDS)
start time, initialisation
Client Sends AS Request to KDS
state
Initialise State Buffer and Trigonometric Vector
Initialise State Buffer and Trigonometric Vector
Replica State
state information, conceptual part of login context
Login Facility and Security Client Daemon (SCD)
states
Replica States
static method, none for decomposing PGO names
ID Map Facility
status
Error Status Codes/Text/Data
Registered Error Status Codes/Text/Data
Status Codes
Status Code Origination
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes
Status Codes Specific to Delegation
status code, ACL editor
Status Codes
status code, in KDS Error message
KDS Error Processing
status code, in rpriv
Status Codes
status code, key management
Status Codes
status code, RS editor interfaces
Status Codes
status code, scd interface
Status Codes
status code, secidmap
Status Codes
status text, in KDS Error message
KDS Error Processing
step
First Step: Reduction
Second Step: Matching
Combined First and Second Steps
Third Step: Subalgorithms
storage, of data type as pickle
(IDL/NDR) Pickles
strategy, next-hop
RS Information
strength
strength
strength of algorithm,
Key-based Security: Kerckhoffs' Doctrine
string
Sequences
stringname
Name-based versus PAC-based Authorisation
stringname, guaranteed unique
Principal Names
stringname, in PGO item
PGO Items; rs_pgo RPC Interface
stringname, name of PGO
ID Map Facility
stringname, on server, identifies object
ACL Editors
stringname, printable (data type)
sec_rgy_pname_t
strong
strong key
stx_id
(IDL/NDR) Pickles
stx_version
(IDL/NDR) Pickles
sub_type
Security in the CO RPC Protocol
subalgorithm
USER_OBJ Subalgorithm
USER/FOREIGN_USER Subalgorithm
GROUP_OBJ/GROUP/FOREIGN_GROUP Subalgorithm
OTHER_OBJ Subalgorithm
FOREIGN_OTHER Subalgorithm
ANY_OTHER Subalgorithm
USER_OBJ_DEL Subalgorithm
USER_DEL/FOREIGN_USER_DEL Subalgorithm
GROUP_OBJ_DEL/GROUP_DEL/FOREIGN_GROUP_DEL Subalgorithm
OTHER_OBJ_DEL Subalgorithm
FOREIGN_OTHER_DEL Subalgorithm
ANY_OTHER_DEL Subalgorithm
subalgorithm, CADA
Third Step: Subalgorithms
subalgorithms
Third Step: Subalgorithms
Non-Intermediary Subalgorithms
Intermediary Subalgorithms
subject
subject
subject,
Subjects and Objects, Privilege and Authorisation
subject-side access information
Subjects and Objects, Privilege and Authorisation
subjects
Subjects and Objects, Privilege and Authorisation
subkey to halfblock mapping
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
submapping
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
subscript
Sequences
subtracting rights
ACL Entries and their Types
success, in received response
Client Receives AS Response
supported
ACL Manager Types Supported by the RS
Supported Delegation Types
Supported Seal Types
Supported Permissions
surrogate
Tickets, Keys, and Cross-Registration
surrogate cell principal
Cells-Cross-cell Authentication and Authorisation
suspicion, of PAC without authentication
Privilege (Authorisation) Service (PS)
symbol
Symbol Mapping Table
symmetric trust peers
Cells-Cross-cell Authentication and Authorisation
synchronisation
Kerberos Key Distribution (Authentication) Service (KDS)
syntactic method, none for decomposing PGO names
ID Map Facility
syntactic representation (encryption)
Encoding/Decoding and Encryption/Decryption of Messages
syntax identifier
(IDL/NDR) Pickles
syntaxes
Registered Syntaxes for Cell Names
t
Rounds (T): Cipher Function (F), Expansion (E), Permutation (P) and Selection/Substitution (S)
T[]
Initialise State Buffer and Trigonometric Vector
table
Symbol Mapping Table
tag UUID field
ACL Entries and their Types
target
Entry Types for Delegate and Target Restrictions
Delegate and Target Restriction Types
Set of Delegation and Target Restrictions
target
target restrictions
targeted server
Kerberos Key Distribution (Authentication) Service (KDS)
Tickets, Keys, and Cross-Registration
targeted ticket,
Kerberos Key Distribution (Authentication) Service (KDS)
taxonomy, of ACLE types
ACL Entries and their Types
TCB
Binding to TCB Servers
network TCB
TCB,
Untrusted Environments: A Priori Trust and Trust Chains
TCB, issuing cell
Tickets, Keys, and Cross-Registration
technology, versus human issues
Generalities on Security-The Architecture of Trust
terminology
Terminology, Notation, and Conventions
terminology,
Terminology, Notation, and Conventions
terminology, academic
Generalities on Security-The Architecture of Trust
test permission
ACL Managers, Permissions, Access Determination Algorithms
Supported Permissions
TGS
The Timestamps (AS + TGS) Protocol
The Third-Party (AS + TGS) Protocol
AS and TGS Services
KDS (AS and TGS) Requests
KDS (AS and TGS) Responses
TGS Request/Response Processing
Client Sends TGS Request
KDS Server Receives TGS Request and Sends TGS Response
Client Receives TGS Response
TGS Request/Response Processing (By KDS)
TGS request
Kerberos Key Distribution (Authentication) Service (KDS)
Privilege (Authorisation) Service (PS)
TGS request, client sends
Client Sends TGS Request
TGS request/response
Privilege (Authorisation) Service (PS)
TGS response
Kerberos Key Distribution (Authentication) Service (KDS)
Privilege (Authorisation) Service (PS)
TGS response, construction
KDS Server Receives TGS Request and Sends TGS Response
TGS response, receiving
Client Receives TGS Response
TGS,
AS and TGS Services
TGS, request received
KDS Server Receives TGS Request and Sends TGS Response
TGS, request/response processing
TGS Request/Response Processing
TGS, response (data type)
KDS (AS and TGS) Responses
TGT
Pre-Authentication and Obtaining a TGT
the CRC,
Registered CRCs
their
ACL Entries and their Types
RS Protected Objects and their ACL Manager Types
theory, formal
Generalities on Security-The Architecture of Trust
third
Third Step: Subalgorithms
third party, trusted
Untrusted Environments: A Priori Trust and Trust Chains
DCE Security Model
Third-Party
The Third-Party (AS + TGS) Protocol
Third-Party Pre-Authentication Protocol
Third-Party, Client Protocol
Client Side
Third-Party, Protocol
The Third-Party (AS + TGS) Protocol
Third-Party, Server Protocol
Server Side
this
This Document
Outline of the Remainder of this Chapter, and of this Specification
What is Specified in this Chapter
threat analysis
Policy versus Service versus Mechanism
ticket
Part of Ticket to be Encrypted
Ticket Flags
ticket
ticket flag, data type
Ticket Flags
ticket,
DCE Security Model
ticket, and authenticator
Authentication Headers
ticket, basis for denying service
Part of Ticket to be Encrypted
ticket, data type
Tickets
ticket, differences between types
Privilege (Authorisation) Service (PS)
ticket, distributed by KDS
Kerberos Key Distribution (Authentication) Service (KDS)
ticket, effect when key is changed
Key Management Facility
ticket, encrypted part
Part of Ticket to be Encrypted
ticket, genuineness of received
Client Receives AS Response
ticket, granting service
DCE Security Model
ticket, in AS response
Kerberos Key Distribution (Authentication) Service (KDS)
ticket, in Kerberos protocol
Kerberos Key Distribution (Authentication) Service (KDS)
ticket, in service request
Kerberos Key Distribution (Authentication) Service (KDS)
ticket, in TGS response
Client Receives TGS Response
ticket, interpretability
Part of Ticket to be Encrypted
ticket, Kerberos
Tickets, Keys, and Cross-Registration
ticket, lifetime
Kerberos Key Distribution (Authentication) Service (KDS)
sec_rgy_plcy_auth_t
ticket, lifetime in registry property
Policy Item, Policies and Properties; rs_policy RPC Interface
ticket, lifetime, in RS information
RS Information
ticket, manipulated old
Client Sends TGS Request
ticket, newly issued
Client Sends TGS Request
ticket, obtained from KDS at login
Login Facility and Security Client Daemon (SCD)
ticket, privilege
Privilege (Authorisation) Service (PS)
ticket, privilege-
Privilege-Tickets
ticket, privilege- (data type)
Privilege-Tickets
ticket, referral
The Complete Cross-cell Scenario
ticket, request
Kerberos Key Distribution (Authentication) Service (KDS)
ticket, request for new
KDS (AS and TGS) Requests
ticket, targeted
Kerberos Key Distribution (Authentication) Service (KDS)
ticket, ticket-granting
Tickets, Keys, and Cross-Registration
ticket, timestamps in
Integration with Time Services
ticket-granting service (TGS),
AS and TGS Services
ticket-granting service,
Kerberos Key Distribution (Authentication) Service (KDS)
ticket-granting ticket
Client Sends TGS Request
tickets
Linking EPAC Sets to Tickets
Tickets, Keys, and Cross-Registration
Tickets
time
Integration with Time Services
distributed time service (DTS)
time interval, data type
sec_timeval_period_t
time services
Integration with Time Services
time, basis for security
Integration with Time Services
time, end of
Timestamps, Microseconds, and Clock Skew
time, start/expiration
Kerberos Key Distribution (Authentication) Service (KDS)
time, UTC
Timestamps, Microseconds, and Clock Skew
time-out
DCE Security Model
time-out, password
sec_passwd_version_t
timeliness
Security Attributes: Authenticity, Integrity, Confidentiality
timestamp, checked by KDS server
KDS Server Receives TGS Request and Sends TGS Response
timestamp, comparison and arithmetic
Timestamps, Microseconds, and Clock Skew
timestamp, compromise of
Integration with Time Services
timestamp, data type
Timestamps, Microseconds, and Clock Skew
timestamp, in KDS Error message
KDS Error Processing
timestamp, in Kerberos protocol
Kerberos Key Distribution (Authentication) Service (KDS)
timestamp, lifetime
Kerberos Key Distribution (Authentication) Service (KDS)
timestamp, microsecond
Timestamps, Microseconds, and Clock Skew
timestamp, usage in Kerberos
Integration with Time Services
timestamps
The Timestamps (AS + TGS) Protocol
Timestamps, Microseconds, and Clock Skew
Timestamps, Protocol
The Timestamps (AS + TGS) Protocol
token
Delegation Tokens
Delegation Token (Version 0) Format
Version 0 Token Flags
Delegation Token
Delegation Token Set
delegation token
tolerance for malformed ACL
ACL Managers, Permissions, Access Determination Algorithms
tower, protocol
sec_acl_twr_ref_t
rs_replica_twr_vec_p_t
traced
traced delegation
Traced Delegation
Delegation Controls
trademarks
Trademarks
transaction, semantics not specified
ACL Editors
transferred trust
Knowledge versus Belief; Trust
transit
Transit Paths
Registered Transit Path Types
transit path
transit path,
Kerberos Key Distribution (Authentication) Service (KDS)
transit path, checked by KDS server
KDS Server Receives TGS Request and Sends TGS Response
transit path, data type
Transit Paths
transit path, empty
Registered Transit Path Types
transit path, in AS response
Kerberos Key Distribution (Authentication) Service (KDS)
transit path, in privilege ticket
Privilege (Authorisation) Service (PS)
transit path, in RS information
RS Information
RS Information
transit path, level of trust in
Multi-Hop Trust Chains
transitive trust
Untrusted Environments: A Priori Trust and Trust Chains
transmitting
Transmitting and Receiving EPACs
trigger
Attribute Trigger Facility
Trigger Binding
trigger
trigger type
Trigger Binding,
Trigger Binding
triggers
Attribute Triggers
Query Triggers
Update Triggers
Access Control on Attributes with Triggers
trigonometric
Initialise State Buffer and Trigonometric Vector
Initialise State Buffer and Trigonometric Vector
trigonometric vector T[]
Initialise State Buffer and Trigonometric Vector
trivial encryption
sec_etype_t
trivial, encryption
Registered Encryption Key Types
Registered Encryption Types
true session key
DCE Security Model
trust
Generalities on Security-The Architecture of Trust
Knowledge versus Belief; Trust
Untrusted Environments: A Priori Trust and Trust Chains
Multi-Hop Trust Chains
trust
trust chain,
Untrusted Environments: A Priori Trust and Trust Chains
trust chain, extend to multi-cell case
Cells-Cross-cell Authentication and Authorisation
trust chain, indirect
The Complete Cross-cell Scenario
trust chain, link
Distributed Security: Secrets and Cryptology
trust chain, multi-hop
Multi-Hop Trust Chains
trust,
Knowledge versus Belief; Trust
trust, and authentication flag
Privilege (Authorisation) Service (PS)
trust, and cross-registration
Cells-Cross-cell Authentication and Authorisation
trust, evaluating the path
Privilege (Authorisation) Service (PS)
trust, in transit path
Multi-Hop Trust Chains
trust, in UUIDs
Privilege (Authorisation) Service (PS)
trust, of login context
Login Facility and Security Client Daemon (SCD)
trust, varies between cells
Cells-Cross-cell Authentication and Authorisation
trusted
a priori trusted entity
trusted computing base
trusted computing base (TCB)
DCE Security Model
trusted computing base (TCB),
Untrusted Environments: A Priori Trust and Trust Chains
trusted shape model
RS Information
twisted CRC
Cyclic Redundancy Checksums
type
Attribute Type Flags
attribute encoding type
trigger type
type UUID, of ACL manager
ACL Managers, Permissions, Access Determination Algorithms
type UUID, pre-encrypted pickle
rs_acct_key_transmit_t
type, ACL
Identifying Protected Objects and ACLs
type, ACL, data type
ACL Types
type, checksum
Checksums
type, for encrypting byte strings (data type)
sec_encrypted_bytes_t
type, for uninterpreted byte strings (data type)
sec_bytes_t
type, of ACL manager supported by RS
ACL Manager Types Supported by the RS
type, of ACLE
ACL Entries and their Types
type, of checksum (data type)
sec_chksum_type_t
type, of encryption (data type)
sec_etype_t
type, of key
Key Management Facility
type, of query key
rs_pgo_query_t
type, polymorphic
Identifying Protected Objects and ACLs
type, UUID, ACL managers
RS Protected Objects and their ACL Manager Types
types
ACL Entries and their Types
Object Types, ACL Types, and ACL Inheritance
ACL Manager Types Supported by the RS
Access Control for Attribute Types
Well-Known Attribute Types
Some Basic Data Types
Protocol Message Types
Registered Protocol Message Types
Registered Transit Path Types
Registered RS Name Types
Registered Host Address Types
Registered Last Request Types
Cryptography- and Security-Related Data Types
Registered Encryption Key Types
Registered Checksum Types
Registered Encryption Types
Registered Authentication Data Types
Registered Authorisation Data Types
Data Types
Entry Types for Delegate and Target Restrictions
Delegate and Target Restriction Types
Supported Delegation Types
Supported Seal Types
Data Types
ACLE Types
ACL Types
Data Types
Common Data Types and Constants for rdacl Interface
RS Protected Objects and their ACL Manager Types
Common Data Types and Constants for RS Editors
Common Data Types and Constants for rs_bind
Common Data Types and Constants for rs_policy
Common Data Types and Constants for rs_pgo
Common Data Types and Constants for rs_acct
Common Data Types and Constants for rs_misc
Common Data Types and Constants for rs_attr
Common Data Types and Constants for rs_attr_schema
Common Data Types and Constants for rs_prop_acct
Common Data Types and Constants for rs_prop_acl
Common Data Types and Constants for rs_prop_attr
Common Data Types and Constants for rs_prop_attr_schema
Common Data Types and Constants for rs_prop_pgo
Common Data Types and Constants for rs_pwd_mgmt
Common Data Types and Constants for rs_repadm
Common Data Types and Constants for rs_replist
Common Data Types and Constants for rs_repmgr
Common Data Types and Constants for rs_unix
Common Data Types and Constants for the secidmap Interface
Common Data Types and Constants for Key Management
Common Data Types and Constants for scd Interface
Data Types and Constants
Data Types and Constants
Data Types and Constants
Data Types and Constants
Data Types and Constants
Data Types and Constants
Data Types and Constants
Data Types and Constants
Data Types and Constants
Data Types and Constants
Data Types
Data Types
types of protected object, multiple
Multiple ACLs and ACL Managers
Types, Supported for Delegation
Supported Delegation Types
Types, Supported Seal Identifiers
Supported Seal Types
typographic
Typographic Conventions
typographic conventions
Typographic Conventions
UDP
The krb5rpc RPC Interface
unambiguous account reference
sec_rgy_acct_key_t
unambiguous, guarantee of stringname
Principal Names
UNAUTHENTICATED
ACL Entries and their Types
unauthenticated ACL entry
Privilege (Authorisation) Service (PS)
UNAUTHENTICATED, at most one
Common ACLs
UNAUTHENTICATED, optional in common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
underlying object
ACL Editors
unencrypted
Registered Encryption Key Types
unilateral trust mediation
Cells-Cross-cell Authentication and Authorisation
uninterpreted, cell name
Cell Names
unique, guarantee of stringname
Principal Names
uniqueness, of object identification
Identifying Protected Objects and ACLs
uniqueness, of pgo-UUID
ID Map Facility
uniqueness, of security-version UUID
Security-Version (Version 2) UUIDs
uniqueness, of UUID in PGO item
PGO Items; rs_pgo RPC Interface
universal ACLE type
ACL Entries and their Types
universal delegation ACLE type
ACL Entries and their Types
unknown
Unknown Intercell Action Attribute
Unknown Intercell Action, Attribute
Unknown Intercell Action Attribute
unprotected RPC
Protected RPC
unregisterable authorisation data
PS Server Receives PTGS Request and Sends PTGS Response
unspecified bit
Key Distribution (Authentication) Services
untrusted
Untrusted Environments: A Priori Trust and Trust Chains
unused bit
Key Distribution (Authentication) Services
unvalidated login
Login Facility and Security Client Daemon (SCD)
up-over-down algorithm
RS Information
update
Update Triggers
Update Triggers
Update Triggers
US ASCII
Registered Password-to-Key Mappings
use
Use of Pseudocode
use session key, authentication header flag
The use-session-key Option
use-session-key
The use-session-key Option
use-session-key, checked by KDS server
KDS Server Receives TGS Request and Sends TGS Response
use-session-key, in TGS request
Client Sends TGS Request
use_defaults
The use_defaults Algorithm
use_defaults, Algorithm
The use_defaults Algorithm
USER
ACL Entries and their Types
User Interfaces
user information permission
Supported Permissions
user interfaces for ACL manipulation, not specified
ACL Editors
User Interfaces, ACLEs
User Interfaces
USER, algorithm
USER/FOREIGN_USER Subalgorithm
user, attribute (data type)
sec_rgy_acct_user_flags_t
USER, limitation in common ACL
Common ACLs
USER, supported by common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
user-friendly, common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
user-level information
sec_rgy_acct_user_t
user-to-user authentication
The use-session-key Option
USER/FOREIGN_USER
USER/FOREIGN_USER Subalgorithm
USER_DEL, algorithm
USER_DEL/FOREIGN_USER_DEL Subalgorithm
USER_DEL/FOREIGN_USER_DEL
USER_DEL/FOREIGN_USER_DEL Subalgorithm
USER_DELEG
ACL Entries and their Types
USER_OBJ
ACL Entries and their Types
USER_OBJ Subalgorithm
USER_OBJ, algorithm
USER_OBJ Subalgorithm
USER_OBJ, at most one
Common ACLs
USER_OBJ, optional in common ACL manager
ACL Managers, Permissions, Access Determination Algorithms
USER_OBJ_DEL
USER_OBJ_DEL Subalgorithm
USER_OBJ_DEL, algorithm
USER_OBJ_DEL Subalgorithm
USER_OBJ_DELEG
ACL Entries and their Types
UTC time
Timestamps, Microseconds, and Clock Skew
UTC, difference from (skew)
Maximum Allowable Clock Skew
UUID
DCE Security Model
Interface UUID for ACLs
Interface UUID and Version Number for rdacl Interface
Interface UUID and Version Number for rs_bind
Interface UUID and Version Number for rs_policy
Interface UUID and Version Number for rs_pgo
Interface UUID and Version Number for rs_acct
Interface UUID and Version Number for rs_misc
Interface UUID for rs_attr
Interface UUID for rs_attr_schema
Interface UUID and Version Number for rs_prop_acct
Interface UUID and Version Number for rs_prop_acl
Interface UUID and Version Number for rs_prop_attr
Interface UUID and Version Number for rs_prop_attr_schema
Interface UUID and Version Number for rs_prop_pgo
Interface UUID and Version Number for rs_prop_plcy
Interface UUID and Version Number for rs_prop_replist
Interface UUID and Version Number for rs_pwd_mgmt
Interface UUID and Version Number for rs_qry
Interface UUID and Version Number for rs_repadm
Interface UUID and Version Number for rs_replist
Interface UUID and Version Number for rs_repmgr
Interface UUID and Version Number for rs_rpladmn
Interface UUID and Version Number for rs_unix
Interface UUID and Version Number for rs_update
Interface UUID and Version Number for the secidmap Interface
Interface UUID and Version Number for scd Interface
attribute type UUID
UUID, account (data type)
sec_rgy_sid_t
UUID, ACL manager type
Access Control Lists (ACLs)
Identifying Protected Objects and ACLs
UUID, ACL managers
RS Protected Objects and their ACL Manager Types
UUID, ACLs
Interface UUID for ACLs
UUID, conceptual part of login context
Login Facility and Security Client Daemon (SCD)
UUID, default cell
Access Control Lists (ACLs)
UUID, element of cell-profile node
Binding to TCB Servers
UUID, group
Privilege (Authorisation) Service (PS)
UUID, in authorisation identity
Authorisation Identities
UUID, in PGO item
PGO Items; rs_pgo RPC Interface
UUID, in registry property
Policy Item, Policies and Properties; rs_policy RPC Interface
UUID, local cell
Privilege (Authorisation) Service (PS)
UUID, local secondary group
Privilege (Authorisation) Service (PS)
UUID, lookup by
rs_pgo_id_key_t
UUID, mapping by ID map facility
ID Map Facility
UUID, pairs
Privilege (Authorisation) Service (PS)
UUID, pre-encrypted pickle
rs_acct_key_transmit_t
UUID, principal
Privilege (Authorisation) Service (PS)
UUID, rdacl interface
Interface UUID and Version Number for rdacl Interface
UUID, rs_acct interface
Interface UUID and Version Number for rs_acct
UUID, rs_attr interface
Interface UUID for rs_attr
UUID, rs_attr_schema interface
Interface UUID for rs_attr_schema
UUID, rs_bind interface
Interface UUID and Version Number for rs_bind
UUID, rs_misc interface
Interface UUID and Version Number for rs_misc
UUID, rs_pgo interface
Interface UUID and Version Number for rs_pgo
UUID, rs_policy interface
Interface UUID and Version Number for rs_policy
UUID, rs_prop_acct interface
Interface UUID and Version Number for rs_prop_acct
UUID, rs_prop_acl interface
Interface UUID and Version Number for rs_prop_acl
UUID, rs_prop_attr interface
Interface UUID and Version Number for rs_prop_attr
UUID, rs_prop_attr_schema interface
Interface UUID and Version Number for rs_prop_attr_schema
UUID, rs_prop_pgo interface
Interface UUID and Version Number for rs_prop_pgo
UUID, rs_prop_plcy interface
Interface UUID and Version Number for rs_prop_plcy
UUID, rs_prop_replist interface
Interface UUID and Version Number for rs_prop_replist
UUID, rs_pwd_mgmt interface
Interface UUID and Version Number for rs_pwd_mgmt
UUID, rs_qry interface
Interface UUID and Version Number for rs_qry
UUID, rs_repadm interface
Interface UUID and Version Number for rs_repadm
UUID, rs_replist interface
Interface UUID and Version Number for rs_replist
UUID, rs_repmgr interface
Interface UUID and Version Number for rs_repmgr
UUID, rs_rpladmn interface
Interface UUID and Version Number for rs_rpladmn
UUID, rs_unix interface
Interface UUID and Version Number for rs_unix
UUID, rs_update interface
Interface UUID and Version Number for rs_update
UUID, scd interface
Interface UUID and Version Number for scd Interface
UUID, secidmap interface
Interface UUID and Version Number for the secidmap Interface
UUID, security-version
Security-Version (Version 2) UUIDs
UUID, stored in ticket at login
Login Facility and Security Client Daemon (SCD)
uuid_create(), not part of TCB
Security in the CO RPC Protocol
UUIDs
Security-Version (Version 2) UUIDs
validate, in TGS request
Client Sends TGS Request
validated
validated login
validated login
Login Facility and Security Client Daemon (SCD)
validation of ticket, by login facility
Client Receives AS Response
validation state, conceptual part of login context
Login Facility and Security Client Daemon (SCD)
validation, as certification
Login Facility and Security Client Daemon (SCD)
validity of key, limit on time
Integration with Time Services
validity, password
sec_rgy_acct_user_flags_t
value
attribute value
variability
Implementation Variability Regarding Required Rights
variability, in header processing
(Reverse-)Authentication Header Processing
vector
Sequences
Initialise State Buffer and Trigonometric Vector
Initialise State Buffer and Trigonometric Vector
verifier
What is Specified in this Chapter
CO Verifier auth_value.assoc_uuid_crc
CO Verifier auth_value.checksum
CO Verifier auth_value.credentials
verifier, of PDU
What is Specified in this Chapter
verifier, PDU
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
verifier, RPC, availability
DCE Security Model
verifiers
CL Integrity and Confidentiality (PDU Verifiers and Bodies)
CO Integrity and Confidentiality (PDU Verifiers and Bodies)
version
Protocol Version Numbers
Registered Protocol Version Numbers
Security-Version (Version 2) UUIDs
Delegation Token (Version 0) Format
Version 0 Token Flags
Interface UUID and Version Number for rdacl Interface
Interface UUID and Version Number for rs_bind
Interface UUID and Version Number for rs_policy
Interface UUID and Version Number for rs_pgo
Interface UUID and Version Number for rs_acct
Interface UUID and Version Number for rs_misc
Interface UUID and Version Number for rs_prop_acct
Interface UUID and Version Number for rs_prop_acl
Interface UUID and Version Number for rs_prop_attr
Interface UUID and Version Number for rs_prop_attr_schema
Interface UUID and Version Number for rs_prop_pgo
Interface UUID and Version Number for rs_prop_plcy
Interface UUID and Version Number for rs_prop_replist
Interface UUID and Version Number for rs_pwd_mgmt
Interface UUID and Version Number for rs_qry
Interface UUID and Version Number for rs_repadm
Interface UUID and Version Number for rs_replist
Interface UUID and Version Number for rs_repmgr
Interface UUID and Version Number for rs_rpladmn
Interface UUID and Version Number for rs_unix
Interface UUID and Version Number for rs_update
Interface UUID and Version Number for the secidmap Interface
Interface UUID and Version Number for scd Interface
Version 0 Token Flags, Data Type
Version 0 Token Flags
version 2 UUID
Security-Version (Version 2) UUIDs
version number, checked by KDS server
KDS Server Receives TGS Request and Sends TGS Response
version number, element of cell-profile node
Binding to TCB Servers
version number, in CL security
Conversation Manager in_data
version number, in KDS Error message
KDS Error Processing
version number, in registry property
Policy Item, Policies and Properties; rs_policy RPC Interface
version number, in RS information
RS Information
version number, of cryptographic key
sec_key_version_t
sec_passwd_version_t
version number, of key
Key Management Facility
version number, of pickle header
(IDL/NDR) Pickles
version number, of RPC transfer syntax
(IDL/NDR) Pickles
version number, of version 2 UUID
Security-Version (Version 2) UUIDs
version number, presence/absence of
Encrypted Data
version number, protocol (data type)
Protocol Version Numbers
version number, rdacl interface
Interface UUID and Version Number for rdacl Interface
version number, rs_acct
Interface UUID and Version Number for rs_acct
version number, rs_bind interface
Interface UUID and Version Number for rs_bind
version number, rs_misc
Interface UUID and Version Number for rs_misc
version number, rs_pgo
Interface UUID and Version Number for rs_pgo
version number, rs_policy interface
Interface UUID and Version Number for rs_policy
version number, rs_prop_acct interface
Interface UUID and Version Number for rs_prop_acct
version number, rs_prop_acl interface
Interface UUID and Version Number for rs_prop_acl
version number, rs_prop_attr interface
Interface UUID and Version Number for rs_prop_attr
version number, rs_prop_attr_schema interface
Interface UUID and Version Number for rs_prop_attr_schema
version number, rs_prop_pgo interface
Interface UUID and Version Number for rs_prop_pgo
version number, rs_prop_plcy interface
Interface UUID and Version Number for rs_prop_plcy
version number, rs_prop_replist interface
Interface UUID and Version Number for rs_prop_replist
version number, rs_pwd_mgmt interface
Interface UUID and Version Number for rs_pwd_mgmt
version number, rs_qry interface
Interface UUID and Version Number for rs_qry
version number, rs_repadm interface
Interface UUID and Version Number for rs_repadm
version number, rs_replist interface
Interface UUID and Version Number for rs_replist
version number, rs_repmgr interface
Interface UUID and Version Number for rs_repmgr
version number, rs_rpladmn interface
Interface UUID and Version Number for rs_rpladmn
version number, rs_unix interface
Interface UUID and Version Number for rs_unix
version number, rs_update interface
Interface UUID and Version Number for rs_update
version number, scd interface
Interface UUID and Version Number for scd Interface
version number, secidmap
Interface UUID and Version Number for the secidmap Interface
versions
Versions and Issues of Specifications
versus
Policy versus Service versus Mechanism
Knowledge versus Belief; Trust
Name-based versus PAC-based Authorisation
vetting, cross-cell
Cross-cell Authorisation-Vetting the Privilege-ticket-granting-ticket
vetting, in RS information
RS Information
visibility, password
sec_rgy_properties_flags_t
vouch,
Untrusted Environments: A Priori Trust and Trust Chains
vouching, by PS
Privilege (Authorisation) Service (PS)
vouching, by PS server
PS Server Receives PTGS Request and Sends PTGS Response
warning
Warning
weak
Weak Keys
Possibly Weak Keys
weak password
weak keys,
Weak Keys
Well Known, Attribute Types
Well-Known Attribute Types
well-formed ACL
Common ACLs
Well-Known
Well-Known Attribute Types
Schemas for Well-Known Attributes
what
What is Specified in this Chapter
wildcard
rs_acct_lookup()
wiretapping
Security Attributes: Authenticity, Integrity, Confidentiality
word
Compress Message in 16-Word Chunks
Compress Message in 16-Word Chunks
word of mouth
DCE Security Model
word operations
Bitwise Operations and Rotations
word,
Bits, Bytes, Words, and so on
words
Bits, Bytes, Words, and so on
wrap-around
rs_pgo_get()
writability, in registry property
Policy Item, Policies and Properties; rs_policy RPC Interface
writable server
RS Binding; rs_bind Interface and sec_rgy_bind API
write permission
ACL Managers, Permissions, Access Determination Algorithms
write, protection against
Security Attributes: Authenticity, Integrity, Confidentiality
write-ACL permission
ACL Managers, Permissions, Access Determination Algorithms
X.208
Key Distribution (Authentication) Services
X.209
Key Distribution (Authentication) Services
X.500, name type
Registered Syntaxes for Cell Names
X.509
Key Distribution (Authentication) Services
X3.106
CBC Mode
X3.92, no mention of weak keys
Keys to be Avoided
xattrschema
Access Control for the xattrschema Object
XNS, registered address type
Registered Host Address Types
XOR,
Bitwise Operations and Rotations
zero-length salt
Registered Authentication Data Types
Zulu time
Timestamps, Microseconds, and Clock Skew