Previous section.
DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group
Access Control List API
Introduction
The routines in the ACL Editor API are distinguished with names having the
prefix "sec_acl_".
Background is given in
Introduction to Security Services
,
especially
ACL Editors
.
- Note:
- The sec_acl API is designed to be a general programming interface
for managing all ACLs in such a way that the client is unaware of the
principal identity of the server that controls the objects protected by
the ACLs. As such, the server's principal name does not occur as a parameter
to the sec_acl API (see, for example,
sec_acl_bind()).
This implies, in particular, that the sec_acl API supports only
one-way (client-to-server) authentication, not mutual
(server-to-client) authentication. Applications that require mutual
authentication should use the "raw" rdacl RPC protocol, not the
sec_acl API. (Mutual authentication may be added to the
sec_acl API in a future revision of DCE.)
Please note that the html version of this specification
may contain formatting aberrations. The definitive version
is available as an electronic publication on CD-ROM
from The Open Group.